BMW M3 Forum (E90 E92)

BMW Garage BMW Meets Register Search Today's Posts Mark Forums Read


Go Back   M3Post - BMW M3 Forum > M3 (E90 / E92 / E93) > General M3 Forum (E90 + E92 + E93)
 
Post Reply
 
Thread Tools Search this Thread
      10-18-2012, 02:57 AM   #111
izzyM2
Major
izzyM2's Avatar
641
Rep
1,207
Posts

Drives: 24’M2/21ID.4/21’MacanGTS
Join Date: Sep 2012
Location: SoCal

iTrader: (4)

Quote:
Originally Posted by AcidMal View Post
C63 coupe is just so much cooler than m3, which looks ancient in comparison.
This will be only until M4 is released.
I beg to differ. Although I owned the sedan version. I thought the c63 coupe was fugly. The E9x M3 might be out for a log time now but in no way it
looks outdated. I think it's looks, body lines and appeal will stay pleasing to the eyes forever. But I understand it is really an individuals taste. Now a BS C63 on the other hand is really going off topic.
Appreciate 0
      10-18-2012, 03:08 AM   #112
BPMSport
BimmerPost Supporting Vendor
BPMSport's Avatar
United_States
3381
Rep
7,539
Posts


Drives: Harrop M3 / F10 M5 / F82 M4
Join Date: Apr 2008
Location: SoCal

iTrader: (9)

Garage List
2000 BMW M5  [0.00]
1990 BMW 735i Turbo  [0.00]
2008 BMW M3  [7.50]
2015 BMW M3  [0.00]
2015 BMW M5  [0.00]
1. It's not really a CAN-Bus blocker, it's more of a 'filter'. I've logged the CAN bus in real time to see whats happening. There are a few different ways to get the FSC certificate store to authenticate and allow use of maps/voice/etc..

Not sure what you mean about not all functions working correctly.. If the emulator is in there and the certificates are valid, then it works. If any part of this equation is missing, there may be issues with missing features. Yes you do need to know the original VIN of the car it came from for map updates if the certificates are original, but you can pull that from the FSC 1B. No real other downsides other than extremely small power consumption.

2. I disagree that tuning the M3 is any different than tuning the 335. BMW didn't protect the M3 anymore than they protected the 335 as far as I am concerned. In fact, the 335 didn't pop up with a tuner protected file in 2009 like the M3 did. Your comment that it was more than simple check-summing does not make sense to me. If the checksum is correct and the routines run properly, the car will start. The 335 MSD80/81 ECU is no more "protected" than the MSS60 ECU. In fact, I would say that the M3's ECU incorporates even more protection technology than the 335 ECU, considering it has a BDM locked left side processor. When any car comes out, it's a matter of time before it's cracked. And sometimes it's from information that leaks from the factory. Cracking serious RSA keys is sometimes not an option as we're limited by time and computing power. And yes, you are right about development firmwares with different signature checking that are sometimes leaked and used for tuning. Take for instance, the N55 - a perfect example of this. There is only so much that a manufacturer can do until there is a point of diminished returns. You can secure the front door of your house so much that it's impossible for you yourself to enter. Same idea here.

In terms of the 47.1 update, it is supposed that it fixes this theft issue. Does US 47.1 differ from UK 47.1? Not to my knowledge. So a potential "patch" that they have for the UK market should theoretically be applied in the other markets as well, unless they chose to specifically target UK spec cars with specific coding data versus an actual program area patch. This is not hard for me to find out, I just need to program a UK variant and compare it to the US coding data. Information about this is not something I would withhold to make money, this is hobby for me more than anything else. I don't want my car (or yours) vulnerable to thieves.

The programmer who made the key hack device states on the site that it works on version 47 as well. It's conflicting information between BMW and the programmers to this key hack. Can I tell you with 100% certainty that BMW's update fixes this issue? No. And even if it did, it's a matter of time before it's possible again.

I don't have any use for that key programmer and would rather buy a car than steal it, so it's not feasible for me to purchase that tool and test the vulnerabilities of our current setup. Now if everyone on M3 posts donates five bucks we would probably have enough cash to buy this tool and put it to the test, and I would be happy to do the testing to see what's vulnerable and what's not - any why.

Obviously everything with in a company - particularly a huge vehicle manufacturer - is going to be assessed by future risk. They are going to do their best to mitigate risks white maximizing profit margins. It's a cost/benefit analysis and only BMW and these key hackers really know the extent of this problem.

SeniorFunkyPants also makes a very valid point two post above. In fact, this is probably one of the most important aspects of this.




Quote:
Originally Posted by meyergru View Post
I know all of that, however:

1. FSC circumvention by a CAN-Bus blocker for the CIC (speech recognition, navigation and to a certain extent, maps) has some problems of its own (e.g. the owner of the car has to order a map FSC with another VIN, so he first has to know which one this is - there is a case of a buyer of such a car in Germany right now, sometimes, not all functions work correctly).

2. Map FSCs and ECU protection are special cases. The first one is not a RSA function and thus could be hacked (in fact it was). As for the ECU: for the M3 it is much easier to hack than with cars that BMW really wanted to protect, like the 335i. Tuning of the N54 was a real threat because it was cheaper but practically equally strong as it was developed as an alternative to the S65 that was ultimately used. So the protection was much stronger than simple checksumming because there was more at stake for BMW. In the beginning, only piggybacks could be used, then, when an early unprotected beta firmware was used as a tuning basis, BMW replaced the MSD80 by the MSD81, making firmware tuning impossible for nearly another year until an israeli company cracked the signature key for that, too.

What this proves, is that with all of my listed assets, BMW has at least tried to prevent access - they did not protect access of the API function to pair a key, it was sitting there waiting to be exploited.
Audi has a similar function and protected it (the diagnostic station has to be online and request a code from the manufacturer).

I call that irresponsible on BMW's part, to say the least. BTW: The device is less than $1000 in China. And is there really a fix out? I have seen the announcement for the UK, nowhere else. You once said that 2.47.1 fixes it (and just told us that the device still works with 2.47), but you did not yet specify if there are additional settings (i.e. coding) is neccessary. I can understand that because you want to make money with the service you offer.

BMW did neither offer a fix outside of the UK nor informs their customers, probably fearing an uproar when they admit that it was their fault not to protect this function, especially in the U.S. I have requested info here in Germany, but did not yet receive an answer.

@conradb:

Of course it takes a "highly-sophisticated" approach - BMWs are expensive cars, savvy? It seems like there is a financial controller that makes sure that the effort employed to protect something is directly proprotional to the amount at stake - and the amount is negative for theft protection because a car stolen = a car sold, unless you get a C63 afterwars. So no dice!
__________________

-----| Like us on Facebook | Instagram || Tuning Information | Remote Coding |-----
----Visit us at www.BPMSport.com - Emotion. Driven. | Toll Free: (888) 557-5133----
Appreciate 0
      10-18-2012, 06:58 AM   #113
stealth.pilot
Knight Commander
stealth.pilot's Avatar
United Kingdom
554
Rep
5,948
Posts

Drives: 2014 911 Turbo S
Join Date: Aug 2010
Location: Buckhead

iTrader: (0)

Garage List
The other countermeasure would be to introduce death penalty for car theft.

Right now these crimes are barely punished so there is no reason to not steal a car.
__________________
2022 Mercedes-Benz EQS 580
2020 Mercedes-Benz GLE 450
Ordered: EQS580, BMW IX, Lucid Air Touring, Corvette Stingray
Appreciate 0
      10-18-2012, 07:37 AM   #114
Shakal
Second Lieutenant
Shakal's Avatar
5
Rep
200
Posts

Drives: BMW
Join Date: Aug 2007
Location: Europe

iTrader: (0)

Thats terrible Didn't BMW promised software fix for this? Is this fix ready for E92 ?

Here I have seen this about fix to prevent key cloning: http://www.e90post.com/forums/showthread.php?t=745973
Appreciate 0
      10-18-2012, 08:29 AM   #115
BigApple
Private First Class
BigApple's Avatar
28
Rep
139
Posts

Drives: 2013 M3 e93
Join Date: Aug 2012
Location: NJ

iTrader: (0)

I have a compustar Alarm when the car is broken in and the alarm is not deactivated even with a copied or original key they car wont start .. in cases like that worth the install..
Appreciate 0
      10-18-2012, 08:48 AM   #116
E60orBust
Captain
United_States
87
Rep
825
Posts

Drives: "The Brothers //M-Sport" E90/2
Join Date: Jul 2007
Location: MD

iTrader: (2)

Quote:
Originally Posted by WingZeroX5 View Post
a few of us should meet up and park our cars in various places under CCTV. then "steal" each others cars and rendezvous somewhere else and grab a beer. Submit the recording and get news coverage such as myfoxny's shame shame shame on BMW NA
This has to be the best response/idea I've seen yet. Note you didn't say "report them stolen", just send the "stolen" video to news stations.
__________________
Down for Maintenance
Appreciate 0
      10-18-2012, 10:30 AM   #117
meyergru
No military grade
meyergru's Avatar
Germany
58
Rep
619
Posts

Drives: E92 M3 DCT
Join Date: Aug 2007
Location: Munich, Germany

iTrader: (0)

Quote:
Originally Posted by Mike Benvo View Post
SeniorFunkyPants also makes a very valid point two post above. In fact, this is probably one of the most important aspects of this.
I don't think so: The obligation to have an OBD port initially referred to the emissions regulations (in the U.S. from 1991) and the EU only adopted this. Meanwhile, there is an obligation to have EOBD, but that is SAE J1962, used to read fault codes. In the EU, the mandatory emission tests are aborted if a fault code indicates that something is wrong with the engine.

There is no legal obligation to supply an unprotected means to pair a key to a car via proprietary CAN-bus protocols, this would be ridiculous, even in the over-regulated EU.

IMO, BMW has a long-standing tradition of using software mechanisms iff they fit their needs: they use cryptography (not 100% secure, granted) to protect their assets and they fight hardware deficiencies by masking them with software measures (remember the dreaded "turbo lag" problem when they just opened the wastegates in order to keep them from rattling instead of fixing the actuator arms? One of the longest threads ever here on Bimmerpost was about this. Also, they re-programmed the high end individual audio amplifier with less kick-bass to prevent badly installed bass speakers from vibrating).

When it comes to protecting their customers' cars from theft, they probably are just less inventive... as I said: honi soit qui mal y pense.


And still no word from BMW, apart from the UK.
__________________

Last edited by meyergru; 10-19-2012 at 03:26 AM..
Appreciate 0
      10-18-2012, 11:02 AM   #118
TVMA Doc
Captain
TVMA Doc's Avatar
56
Rep
868
Posts

Drives: 2011 E90 M3, Jerez Black
Join Date: Dec 2011
Location: SF Bay

iTrader: (0)

Garage List
Quote:
Originally Posted by SenorFunkyPants View Post
AIUI this vulnerability was created by an EU law that was introduced to ensure that cars could be fully serviced outside a dealer network. Essentially the functions of the OBD port has to be made available to all third party dealers to conduct diagnostics etc.
It may have been introduced, but it would have been relatively easy for BMW to have avoided this issue. Allowing the port to be active without a key present ONLY under dealership control/the shop in direct contact with BMW (much like the way Audi does it) or even allowing the OBD port to be disabled by the customer in iDrive/option to disable it when the ignition is off, etc.

This is an unintended consequence of the EU regulations, but one that should have been forseen. Any updates on whether BMW is actually "doing the right thing" for all cars involved? Does anyone know if LHD cars can be affected?
Appreciate 0
      10-18-2012, 11:06 AM   #119
TVMA Doc
Captain
TVMA Doc's Avatar
56
Rep
868
Posts

Drives: 2011 E90 M3, Jerez Black
Join Date: Dec 2011
Location: SF Bay

iTrader: (0)

Garage List
Quote:
Originally Posted by WingZeroX5 View Post
a few of us should meet up and park our cars in various places under CCTV. then "steal" each others cars and rendezvous somewhere else and grab a beer. Submit the recording and get news coverage such as myfoxny's shame shame shame on BMW NA
I'd vote for placing hard to detect trackers in enough of the UK vehicles such that it is a certainty that one of them will eventually be stolen and tracked back to the thieve's center of operations.

Then, it's either turn it over to the "authorities", or we can arrange for any interested BMW customer to "meet" the thieves-and after we're done we can send the tape to the local media then all go have that beer.
Appreciate 0
      10-18-2012, 11:43 AM   #120
Erie Von Otto
DT///M
Erie Von Otto's Avatar
United_States
149
Rep
1,370
Posts

Drives: 2014 F31 Touring
Join Date: Apr 2011
Location: Rocket City, AL

iTrader: (3)

Garage List
Dealership in Germany told me that they had no idea what I was referring to and that they had heard of no "fix" or problem requiring fixing in regards to key cloning/OBD vulnerability. I just pictured an ostrich stuffing its head in the dirt...
__________________
"With great power comes great responsibility." -El-Superbeasto
Appreciate 0
      10-18-2012, 01:25 PM   #121
NAV8TT
Major
NAV8TT's Avatar
United_States
213
Rep
882
Posts

Drives: 2013 ///M3 E92 DCT ZCP
Join Date: Aug 2011
Location: The greatest country in the world

iTrader: (0)

f**** scum bags, I'm so sorry dude, could this happen here in the us
__________________
Appreciate 0
      10-18-2012, 02:01 PM   #122
ES_TRADER
Colonel
343
Rep
2,928
Posts

Drives: 328i, 335i, M3, 535i, X5, 36M
Join Date: Oct 2010
Location: OC

iTrader: (3)

Garage List
2014 Ford Raptor  [0.00]
2012 328i E92  [10.00]
2013 X5  [0.00]
2013 335i F30  [8.00]
1990 Toyota Previa  [0.00]
1997 E36 M3  [10.00]
2011 E92 M3  [0.00]
2011 535i  [0.00]
can i get this done at the dealer? should be under warranty right?
Appreciate 0
      10-18-2012, 02:49 PM   #123
VCMpower
Banned
Canada
25
Rep
873
Posts

Drives: 2010 Dakar, 2013 Fire Orange
Join Date: Jan 2010
Location: Victoria B.C.

iTrader: (0)

+1


Quote:
Originally Posted by Mike Benvo View Post
Anyone with the right tools or a tow truck can steal a car.
Appreciate 0
      10-18-2012, 02:50 PM   #124
xDrive35i
Lieutenant Colonel
xDrive35i's Avatar
United_States
122
Rep
1,781
Posts

Drives: Porsche Macan S
Join Date: Feb 2011
Location: Chicago

iTrader: (0)

Quote:
Originally Posted by TVMA Doc View Post
It may have been introduced, but it would have been relatively easy for BMW to have avoided this issue. Allowing the port to be active without a key present ONLY under dealership control/the shop in direct contact with BMW (much like the way Audi does it) or even allowing the OBD port to be disabled by the customer in iDrive/option to disable it when the ignition is off, etc.
Couldn't have said it better.
Appreciate 0
      10-18-2012, 04:02 PM   #125
MADEYE
Enlisted Member
91
Rep
39
Posts

Drives: E92 330D M-Sport
Join Date: Sep 2012
Location: Ireland

iTrader: (0)

This has gone on for a while now, BMW were quick to fix the issues with the new M5/M6's but they need to get the finger out with a solution asap.
Appreciate 0
      10-18-2012, 04:16 PM   #126
darksilkx1
Lieutenant
155
Rep
491
Posts

Drives: Monthly Payment
Join Date: Jun 2011
Location: FL

iTrader: (0)

Wouldn't be funny if someone had their European Delivery ride stolen before turning it in.
__________________
Appreciate 0
      10-18-2012, 04:50 PM   #127
WingZeroX5
Colonel
WingZeroX5's Avatar
United_States
764
Rep
2,358
Posts

Drives: F80 / F30
Join Date: Mar 2010
Location: New Hampshire

iTrader: (14)

Quote:
Originally Posted by E60orBust View Post
This has to be the best response/idea I've seen yet. Note you didn't say "report them stolen", just send the "stolen" video to news stations.
haha thanks. I figured if we can stage them and PROOF that this can happen, BMW can issue a fix for it. After all, it's nothing but a huge security flaw in its software.
Appreciate 0
      10-18-2012, 06:19 PM   #128
bimmerjph
Colonel
bimmerjph's Avatar
United_States
121
Rep
2,023
Posts

Drives: 2005 Z4 3.0
Join Date: Oct 2011
Location: Tennessee

iTrader: (0)

Is it confirmed that this is a Europe only problem? Or is it possible that US spec cars can be stolen in this way too?
I was at the dealership today and asked a highly trusted SA about this and he seemed to have no idea what I was talking about. The reason I am asking is that we don't live in a great city so my mom's E60 might look very appealing to a tech savvy thug.
Appreciate 0
      10-19-2012, 12:21 AM   #129
M5007
Major
M5007's Avatar
United_States
71
Rep
1,410
Posts

Drives: 2014 M5 Competition Package
Join Date: Dec 2010
Location: Orange County, CA

iTrader: (0)

Sorry man that sucks.
__________________
Appreciate 0
      10-19-2012, 03:31 AM   #130
ORIGIN M.
Banned
3160
Rep
9,134
Posts

Drives: ///M
Join Date: Oct 2007
Location: Northern Hemisphere

iTrader: (0)

Be a good sport.

For all those that want a manufacture to secure a supplied ECU, most of you also want more power via a modified ECU.

As long as there is one there will always be the risk of the other.

I have always known this to be a risk, thus the reason for a high end alarm to protect my investment, AND not expecting it from a manufacture is just a given.
Appreciate 0
      10-19-2012, 11:16 PM   #131
BimmerRob08
Major
BimmerRob08's Avatar
United_States
110
Rep
1,311
Posts

Drives: 2008 M3, Space Gray
Join Date: Mar 2008
Location: KIKR (ABQ), NM

iTrader: (0)

I talked to my BMW rep and he says so far there isn't any software update he knows about that would fix such a problem. Anyone have the bulletin number for this update?
Appreciate 0
      10-20-2012, 09:29 PM   #132
Port Canaveral M3 driver
Enlisted Member
Port Canaveral M3 driver's Avatar
United_States
1
Rep
41
Posts

Drives: 13 E92 M3 & 05 BMW R1200GS
Join Date: Aug 2012
Location: Florida

iTrader: (0)

Garage List
I caught the guy while he was stealing my car.

I walked out of my condo in Miami to go to work at 3am Sat morning. As I approached my car, I noticed two guys in a car parked next to mine. As I walked up they drove off? I opened my car door and there was a big dude 6 02/ 235 lbs sitting there with my steering wheel in pieces, FTF? I was carrying my old 357 Magnum. I stepped back yanked out my gun and told him to get the F out of my car or I would shoot him dead. He had a very large craftsman screw driver in his hand. I told him if he got out with that in his hand I would blow his frigging head off his neck. He fell out into the ground. Just then Blue Lights every where? Cops were already watching and waiting for them to move the car so they could be charged with auto theft vs auto burg. Seems a neighbor had seen them and reported them for being in our parking lot. Cop asked me why I did not shoot the perp? I said stealing my car is not punishable by death. The next day when I saw the damage to my cars interior, I wished I had shot him. LOL
Appreciate 0
Post Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 12:06 PM.




m3post
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST