|
|
10-17-2012, 04:17 PM | #90 | |
BimmerPost Supporting Vendor
3387
Rep 7,542
Posts |
Quote:
DME controls the motor only, and verifies a special code with CAS before fuel injection is activated. If key is wrong, CAS will not pass the correct code to the DME and therefore car will not start. If key is wrong, CAS will not authenticate and ignition will not turn on. You can have a bunch of keys, and even when disabling keys 3-10, if the thief has a tool to sync another key they can steal the car. With the right tool it's not hard on a car with software before 47.1. BMW's 47.1 update is for all cars, although this issue seems most prominent in the UK, and BMW haven't said anything here in the US probably to avoid panic. I have updated quite a few cars here with the security update.
__________________
-----| Like us on Facebook | Instagram || Tuning Information | Remote Coding |----- ----Visit us at www.BPMSport.com - Emotion. Driven. | Toll Free: (888) 557-5133---- |
|
Appreciate
0
|
10-17-2012, 04:18 PM | #91 | |
BimmerPost Supporting Vendor
3387
Rep 7,542
Posts |
Quote:
You can lose both keys and buy two new keys and have them synced to the car. The CAS unit never has to be replaced unless there is a problem with it, which happens but is very rare (older versions of Program are known to cause module damage during update).
__________________
-----| Like us on Facebook | Instagram || Tuning Information | Remote Coding |----- ----Visit us at www.BPMSport.com - Emotion. Driven. | Toll Free: (888) 557-5133---- Last edited by BPMSport; 10-17-2012 at 04:31 PM.. |
|
Appreciate
0
|
10-17-2012, 04:47 PM | #92 |
Lieutenant
73
Rep 493
Posts |
You lost faith in BMW now because some thieves exploited a security vulnerability in some software? You may as well just stop using computers all together if that if your stance.
I'm sorry your car got stolen, but just saying "I've lost faith in BMW" is pretty short-sighted and ignorant. Cars get stolen all the time. Do people blame the mfg that the locking mechanism wasn't thief-proof? Hint: There's no such thing as fool-proof security. Everything is breakable/hackable. It's the central tenet of security. Further, you're all pissy because a company doesn't want to refund 6-mo left on your lease? If you bought a nice diamond ring on a loan, and a thief stole it, are you honestly going to ask the jeweler/bank to refund your money because someone stole it? The logic here is astounding... |
Appreciate
0
|
10-17-2012, 05:35 PM | #94 |
BimmerPost Supporting Vendor
3387
Rep 7,542
Posts |
One thing I wanted to add - the CAS module is one of the only ones that almost RELIGIOUSLY has an update every time BMW releases a new software "package".
It was changed in 45, 46.1, 46.3, and now 47+
__________________
-----| Like us on Facebook | Instagram || Tuning Information | Remote Coding |----- ----Visit us at www.BPMSport.com - Emotion. Driven. | Toll Free: (888) 557-5133---- |
Appreciate
0
|
10-17-2012, 05:43 PM | #95 | |
No military grade
58
Rep 619
Posts |
Quote:
What becomes painfully obvious here, IMHO, is that this specific function (namely pairing a new key to the car) is protected worse than some other "software" functions, like: - Navigation maps - Modifying the ECU software - Navigation functionality in the CIC - Speech recognition - VMax un-limiting (M Driver's Package) All of those are protected using cryptographic functions and are very hard to break (as far as I know, only the first two have been done as of now). That is how BMW protects things they are interested in, because these features generate revenue - unlike if they protect you car from being stolen, where the opposite is true. Honi soit qui mal y pense.
__________________
|
|
Appreciate
0
|
10-17-2012, 06:02 PM | #96 |
Colonel
766
Rep 2,361
Posts |
a few of us should meet up and park our cars in various places under CCTV. then "steal" each others cars and rendezvous somewhere else and grab a beer. Submit the recording and get news coverage such as myfoxny's shame shame shame on BMW NA
|
Appreciate
0
|
10-17-2012, 06:03 PM | #98 | |
Second Lieutenant
32
Rep 293
Posts |
Quote:
__________________
2006 M3: Individual Blue Onyx on Black. MT
|
|
Appreciate
0
|
10-17-2012, 06:15 PM | #99 | |
Lieutenant
73
Rep 493
Posts |
Quote:
The car is plenty secure, and BMW has already offered a solution. Shit happens. Furthermore, even HIGHLY cryptographically encoded data, like the HDMI key signing algorithm, are cracked just as well. I don't care what encryption you have, you won't be safe for too long. Last edited by conradb; 10-17-2012 at 06:21 PM.. |
|
Appreciate
0
|
10-17-2012, 06:17 PM | #100 | |
Captain
162
Rep 675
Posts |
Quote:
__________________
2020 BMW M5
2014 BMW M5 Competition Pack, Dinan Stage 2, Full Eisenmann Race, MSR Intake and lots of carbon fiber... 2013 BMW X5M, Dinan Exhaust, Dinan Stage 1, Dinan Suspension (gone) 2013 BMW M6 Eisenmann Race(gone) |
|
Appreciate
0
|
10-17-2012, 07:34 PM | #102 | |
Banned
350
Rep 1,225
Posts |
Quote:
Lost faith in BMW? And going to the C63 is even worse.. |
|
Appreciate
0
|
10-17-2012, 07:59 PM | #103 | |
BimmerPost Supporting Vendor
3387
Rep 7,542
Posts |
Quote:
VMax unlimiting is easy too. You just have to have the right tools. While I have a specialty tool for modifying anything I want in the DME/ECU, these guys have a 'specialty tool' for keys. All you need is the right tools. There is nothing that is 100% secure. Now BMW did make it difficult for people to tune cars a few years ago. But in all honesty it's pretty easy to get around BMW's 'tunerlock' protection. It's a matter of changing a pointer and moving a header to another location, and then it's bypassed. Only a very small fraction of people know how to do this. Takes about 5 seconds Where there is a will, there is a way. That's the name of the game. This mantra of having the car stolen via OBD/Key reprogramming has been around for years and years. It's nothing new, and it will never be 100% circumvented, although measures can be taken to reduce the propensity of such a situation. I don't think less of BMW because of this. http://vag-info.com/BMW%20Group%20products.htm Also, if you look at this site, it clearly indicates "The device works with the latest BMW software ISTA V45/46/47 for CAS 3". If they are correct that this works on cars with ISTA/P v47+, then all of the cars are still vulnerable anyway, including mine. At a price tag of 8,000 Euro, you'll be dealing with some serious car thieves to begin with, not some knuckle-headed punk kids.
__________________
-----| Like us on Facebook | Instagram || Tuning Information | Remote Coding |----- ----Visit us at www.BPMSport.com - Emotion. Driven. | Toll Free: (888) 557-5133---- Last edited by BPMSport; 10-17-2012 at 08:20 PM.. |
|
Appreciate
0
|
10-17-2012, 09:50 PM | #104 |
Major General
688
Rep 6,845
Posts
Drives: 2018 Audi RS5 coupe
Join Date: Jul 2008
Location: Reston, VA
|
So a thief will clone you a new key for free
But BMW charges you $400 for a new key
__________________
|
Appreciate
0
|
10-17-2012, 09:50 PM | #105 | |
Major
382
Rep 1,170
Posts
Drives: 2020 F97 X3M
Join Date: Jan 2010
Location: SoFla/ATL
|
Quote:
Best of luck with whichever vehicle you choose.
__________________
2011 MINI CooperS BRGII/Lounge Green/Sport/Prem/Connect/Black Xenon/Black Conical Spokes/ACS springs/ACS exhaust/Alta Shorty/Yokohama Advan Sport A/S
2012 M3 AW/FR NDH2/2MK/ZPP/ZCP/ZCW/752/6NR/OEM CF splitters/OEM CF Mirror caps (retired) 2012 X3 35i Titanium Silver/Black ZAP/ZPP/TECH/APPS/Breyton GTS (retired) 2018 X3 M40i BSM/Oyster/ZPP/ZPX/HK/S6CPA/718M(retired) |
|
Appreciate
0
|
10-18-2012, 12:09 AM | #106 | |
Banned
25
Rep 873
Posts |
Quote:
|
|
Appreciate
0
|
10-18-2012, 01:42 AM | #107 |
Lieutenant General
11572
Rep 11,136
Posts |
Unbelievable. Glad to see more people have CCTV though. In my opinion, everyone should have this with a proper motor parked in their garage or drive.
|
Appreciate
0
|
10-18-2012, 01:55 AM | #108 | |
No military grade
58
Rep 619
Posts |
Quote:
1. FSC circumvention by a CAN-Bus blocker for the CIC (speech recognition, navigation and to a certain extent, maps) has some problems of its own (e.g. the owner of the car has to order a map FSC with another VIN, so he first has to know which one this is - there is a case of a buyer of such a car in Germany right now, sometimes, not all functions work correctly). 2. Map FSCs and ECU protection are special cases. The first one is not a RSA function and thus could be hacked (in fact it was). As for the ECU: for the M3 it is much easier to hack than with cars that BMW really wanted to protect, like the 335i. Tuning of the N54 was a real threat because it was cheaper but practically equally strong as it was developed as an alternative to the S65 that was ultimately used. So the protection was much stronger than simple checksumming because there was more at stake for BMW. In the beginning, only piggybacks could be used, then, when an early unprotected beta firmware was used as a tuning basis, BMW replaced the MSD80 by the MSD81, making firmware tuning impossible for nearly another year until an israeli company cracked the signature key for that, too. What this proves, is that with all of my listed assets, BMW has at least tried to prevent access - they did not protect access of the API function to pair a key, it was sitting there waiting to be exploited. Audi has a similar function and protected it (the diagnostic station has to be online and request a code from the manufacturer). I call that irresponsible on BMW's part, to say the least. BTW: The device is less than $1000 in China. And is there really a fix out? I have seen the announcement for the UK, nowhere else. You once said that 2.47.1 fixes it (and just told us that the device still works with 2.47), but you did not yet specify if there are additional settings (i.e. coding) is neccessary. I can understand that because you want to make money with the service you offer. BMW did neither offer a fix outside of the UK nor informs their customers, probably fearing an uproar when they admit that it was their fault not to protect this function, especially in the U.S. I have requested info here in Germany, but did not yet receive an answer. @conradb: Of course it takes a "highly-sophisticated" approach - BMWs are expensive cars, savvy? It seems like there is a financial controller that makes sure that the effort employed to protect something is directly proprotional to the amount at stake - and the amount is negative for theft protection because a car stolen = a car sold, unless you get a C63 afterwars. So no dice!
__________________
Last edited by meyergru; 10-18-2012 at 02:16 AM.. |
|
Appreciate
0
|
10-18-2012, 02:20 AM | #109 | |
Private First Class
4
Rep 199
Posts
Drives: Ford Focus ST: 2.5l /5 cyl
Join Date: Jul 2011
Location: Cape Town South Africa
|
Quote:
A lot of BMW fanboys providing sympathy to the bloke but little vented at the company responsible. OP: don't feel too bad. Here in South Africa if they want your car they just put a gun to your head and relieve you of it. No jokes. This sort of key programming is way over the head of the common thief prowling our sunny shores. |
|
Appreciate
0
|
10-18-2012, 02:38 AM | #110 |
Brigadier General
2511
Rep 4,381
Posts |
AIUI this vulnerability was created by an EU law that was introduced to ensure that cars could be fully serviced outside a dealer network. Essentially the functions of the OBD port has to be made available to all third party dealers to conduct diagnostics etc.
|
Appreciate
0
|
Post Reply |
Bookmarks |
|
|