Originally Posted by meyergru
Not so fast...
What becomes painfully obvious here, IMHO, is that this specific function (namely pairing a new key to the car) is protected worse than some other "software" functions, like:
- Navigation maps
- Modifying the ECU software
- Navigation functionality in the CIC
- Speech recognition
- VMax un-limiting (M Driver's Package)
All of those are protected using cryptographic functions and are very hard to break (as far as I know, only the first two have been done as of now).
That is how BMW protects things they are interested in, because these features generate revenue - unlike if they protect you car from being stolen, where the opposite is true.
Honi soit qui mal y pense.
Navigation functionality is easy to get with a CIC as long as you have an emulator. Voice/speech recognition can also be loaded to a CIC that doesn't already have it, and if you have an emulator this is easy as pie. The FSC certificates are encrypted, but cracking the encryption for them is not necessary. Just having the car think that all the VIN's match does the trick.
VMax unlimiting is easy too. You just have to have the right tools. While I have a specialty tool for modifying anything I want in the DME/ECU, these guys have a 'specialty tool' for keys.
All you need is the right tools. There is nothing that is 100% secure. Now BMW did make it difficult for people to tune cars a few years ago. But in all honesty it's pretty easy to get around BMW's 'tunerlock' protection. It's a matter of changing a pointer and moving a header to another location, and then it's bypassed. Only a very small fraction of people know how to do this. Takes about 5 seconds
Where there is a will, there is a way. That's the name of the game.
This mantra of having the car stolen via OBD/Key reprogramming has been around for years and years. It's nothing new, and it will never be 100% circumvented, although measures can be taken to reduce the propensity of such a situation. I don't think less of BMW because of this.
Also, if you look at this site, it clearly indicates "The device works with the latest BMW software ISTA V45/46/47 for CAS 3". If they are correct that this works on cars with ISTA/P v47+, then all of the cars are still vulnerable anyway, including mine. At a price tag of 8,000 Euro, you'll be dealing with some serious car thieves to begin with, not some knuckle-headed punk kids.