Some interesting Information below about using OBD ports to clone car keys - Information found at: https://nakedsecurity.sophos.com/2012/09/18/bmw-stolen-hacking-kit/

On-board diagnostics (OBD) security bypass kits, replete with reprogramming modules and blank keys, are reportedly enabling low-intelligence thieves to steal high-end cars such as BMWs in a matter of seconds or minutes.

According to The Register, the $30 bypass tools are being shipped from China and Eastern Europe in kit form to unskilled criminals.

It looks like it's not just BMWs, mind you.

A post on the car enthusiast site Pistonheads suggests that devices similar to those used to steal BMWs are also available for Opel, Renault, Mercedes, Volkswagen, Toyota and Porsche Cayennes.

UK police are also seeing fancy cars whisked away by criminals believed to be using the kits, with the deprived owners still having the keys in their possession.

It's becoming so prevalent, in fact, that Warwickshire police released a press release warning BMW owners to take extra precautions, stating that 154 of the high-end cars have been stolen since January.

In August, London's Metropolitan Police left leaflets under windscreens, warning BMW owners their cars were likely to be targeted, according to a recent BBC Watchdog investigation into the thefts.

The tool was originally designed for garages and car recovery agents to get into different cars after owners had lost their keys. The kits have since been packaged up by criminal hackers, who have picked apart the security weaknesses of the OBD network.

To use the tool, car thieves first need to intercept the transmission between a valid key fob and a car before they can then reprogram the blank key, which they can then use to start or open the car via the OBD network.

The BBC rolled its camera skyward while its news reporters were using the key in its Watchdog investigation, but I found online videos showing how easy it is to use the tool - or, at least, a device that fits the tool's description.

If the video I found is an accurate depiction, even the village idiot could be behind the wheel of a fine ride with a $30 investment and a few minutes.

(By the way, Naked Security has chosen not to embed the video because it may encourage criminal activity, and we have no wish to promote sales of such tools to unauthorised parties)

BMW last week put out a statement saying it's aware of the new method of car thievery and is looking into how to mitigate it.

One way is to not own a BMW built before September 2011, apparently:

"After extensive research we are clear that none of our latest models - new 1 Series Hatch, 3 Series, 5 Series, 6 Series and 7 Series - nor any other BMW built after September 2011 can be stolen using this method. However, as a responsible manufacturer we are looking at ways of mitigating against this new kind of attack."

Customers worried about theft of targeted models can call their local BMW dealer.

BMW's offering extra technical measures that it says will keep cars from getting ripped off with the hacking kits, although, it says, "there is no such thing as an unstealable car."

So what are the security holes in OBD?

As pointed out by Rob VandenBrink in a presentation (PDF) delivered at a SANS Technology Institute security conference in July, OBD looks like "a slower, dumber Ethernet (sorta)."

For details on those weaknesses, check out his paper.

In summary, VandenBrink says:

"Unfortunately, the On Board Diagnostic (OBD) network in our cars is completely open, completely documented, and is being pushed more and more to open, documented and unauthenticated wireless access."

But wait, there's more. Short of allowing your ride to be stolen, security researchers at the University of Michigan and the University of Washington have shown that OBD shortcomings allow these other automotive WiFi shenanigans:

Locking and unlocking doors
Honking the horn
Wireless attack through tire pressure sensors
Trojan delivered via music CD

This stuff isn't new. The CD Trojan piece goes back to 2011.

What's new is how erudite hacker knowledge of OBD's limitations has been commoditized and marketed in these easy-to-use, cheap kits.

Should you shake down your car manufacturer to get better defences?

Unfortunately, it probably won't do you much good if you do, between the need for mechanics to have some type of tool to get into your car and competition laws requiring open standards.

Here's what the Pistonheads post had to say about it:

"The reason this form of theft is currently so rife … - is that European competition rules require diagnostic and security reprogramming devices to be available to non-franchised garages. As we understand it, this effectively means that car companies cannot restrict access to or use of OBD ports."

"Unfortunately it also means that, to a certain extent, the hands of car companies are tied..."

What you can do: contact your car dealer to see if they have mitigation techniques that will help, as BMW promises.

The Warwickshire Police also offer these safety tips, although they are unlikely to be much of a deterrent to a determined ODB hacker who gains access to your vehicle:

Try the door handle after using your key to lock your car, to double check that it is actually locked.
Take a good look around when leaving the vehicle to see if you can spot anyone waiting nearby or in a vehicle in the vicinity, especially if you check and find the door to still be open.
Report anything suspicious to the police: they want to nab these guys.

Ultimately, it's worth remembering - as BMW admits - that there's "no such thing as an unstealable car".

An interesting video on the topic too - found at: https://www.youtube.com/watch?v=jQiY_LChoEU

Further supplementing research found at: http://www.thecarexpert.co.uk/gone-60-seconds-high-tech-car-theft/, showing how easy it is to steal a car using software hacking techniques:

Gone In 60 Seconds – High-Tech Car Theft

By Carlo Casta -

Sep 19, 2013

Have you ever seen the blockbuster movie Gone in 60 Seconds, in which high end motors were stolen in a matter of seconds? Whilst most of the car-boosting techniques were a little far-fetched, rapid and sophisticated car theft is fast becoming a concerning reality.

High-end cars from premium brands like BMW, Range Rover and Mercedes-Benz are disappearing overnight right from their owners’ driveways – without the keys.

A quick history of car theft

Back in the early 90s, car theft was rife and motorists would often return to discover their pride and joy was no longer in the spot they parked it. A lack of anti-theft security made it very simple to start and drive a car without a key. Illegal methods known as hotwiring could see a brand new car stolen with very little effort. Insurance companies began demanding improved security measures, and in an attempt to reduce car theft an EU law was passed in 1998, demanding all new cars be factory-fitted with an immobiliser.

Cars now fitted with Thatcham 2 approved immobilisers are much more difficult to start without a correctly programmed key and thieves have been turning to new methods for stealing cars.

High-tech car theft

So if cars are now fitted with secure immobiliser technology, how are they still being pinched without the keys? Well, the short answer is thieves are making their own keys – in seconds! Using highly sophisticated technology that plugs into the OBD (On Board Diagnostic) system thieves are able to program a brand new key and start the car. This is a really big problem with BMW cars in particular, and hundreds have been stolen using this technique.

The laptop-based key programming equipment was originally produced for garages and mobile locksmiths to produce replacement car keys when car owners lose all their keys. Another standalone tool exists that simply plugs into the OBD port and codes a key at the push of a button in a matter of seconds. Unfortunately these tools have ended up in the wrong hands and are being used to unlawfully take high-end cars.

There have even been reports of cars being stolen without the use of this high-tech equipment. How can this be happening? For the majority of car manufacturers should you lose your car keys a replacement key would need programming to your car, but this is not the case with some BMW and Mercedes-Benz vehicles. When the car is first produced a total of 10 keys are programmed and held at the factory as replacements in case the keys are lost. These keys are ready-programmed to start the car. Thieves are very aware of this and have been going to great lengths to fake identification and walk into car dealers and order themselves a key to the car of their dreams.

Another car theft problem exists with the latest Toyota and Lexus proximity keys. Crooks have been using a sophisticated tool that clones the signal of a key when pressed to lock the car. The thieves hide out of sight and press a button on their cloning machine at the same time the car owner pushes the key lock button. The signal is then copied and allows the thieves to unlock and start the car without any sign of break-in.

What can be done to prevent your car from being stolen?

Car theft isn't always high-tech (The Car Expert)

BMW is now aware of the problem of “key cloning” and has been working on a software update solution for the cars effected. A free software upgrade is being offered by BMW to prevent the key cloning and secure the vehicles.

To ensure your car is as secure as possible follow this sound advice:

⁃ Be careful what you do with your keys and who you give them to. Keys can easily be cloned and copied – do you fully trust that parking attendant?

⁃ If possible, park your car out of sight in a locked garage with CCTV

⁃ When you lock your car with the remote key pull the handle to ensure it has actually locked. Thieves are using tools that block you remote and leave the car unlocked so this is really important.

⁃ Never leave your keys near the front door or on the stairs, they can easily be hooked through the letter box.

⁃ Smart proximity keys are programmed through the OBD port, think about moving the port to a hidden place.

It would seem strange that it took longer to pinch a car in 1990 than than would today. How secure really is all this new anti-car theft technology?

Further supplementing research found at: http://hackaday.com/2012/07/07/keyless-bmw-cars-prove-to-be-very-easy-to-steal/, showing how easy it is to steal a car using software hacking techniques:

Keyless BMW cars prove to be very easy to steal

by:Mike Szczys: July 7, 2012

A lot of higher end cars are now coming out with RF fobs that unlock and start the car. There is no longer a physical key that is inserted in the ignition. It turns out that for BMW this means stealing the cars is extremely easy for a sophisticated criminal. We always liked the idea of metal keys that ALSO had a chip in them. The two-tiered security system makes sense to us, and would have prevent (or at least slowed down) the recent rash of BMW thefts that are going on in the UK.

So here’s the deal. A device like the one seen above can be attached to the On-Board Diagnostic (ODB) port of the vehicle. It can then be used to program a new keyfob. This of course is a necessary feature to replace a lost or broken device, but it seems the criminals have figured out how to do it themselves. Now the only hard part is getting inside the car without setting off the alarm. According to this article there are ultrasonic sensors inside which are designed to detect intrusion and immobilize the vehicle. But that’s somehow being circumvented.

You can check out a keyfob programming demo, as well as actual theft footage, after the break.

Fob programming demo

Theft video

[Thanks Lee]

Supplementary research found at: http://www.bbc.co.uk/news/technology-29786320, documenting how although car thefts are currently lower than in they have been in the past; car thefts involving the hacking and reprogramming of the car's security system are currently rising:

Keyless cars 'increasingly targeted by thieves using computers'

By Dave Lee Technology reporter, BBC News

Image caption Range Rover said it was working with police to tackle those who re-programmed entry keys

Organised criminal gangs are increasingly targeting high-end cars with keyless security systems, a UK motoring industry group has warned.

The thieves are able to bypass security using equipment intended only for mechanics, the Society of Motor Manufacturers and Traders (SMMT) said.

Manufacturers are trying to stay ahead of the thieves by updating software.

It has been reported that some London-based owners of Range Rovers have been denied insurance over the issue.

The warnings echoed those made by the US National Insurance Crime Bureau (NICB), which earlier this year said it had seen a "spike" in car thefts involving equipment to spoof keyless entry.

Media captionRory Cellan-Jones: "Thieves are somehow getting access to the car's onboard computer"

Keyless entry and ignition typically works by the driver keeping a fob on their person which automatically opens the car and activates it so it can be driven.

As the popularity of keyless systems has increased, criminals have been buying equipment online that is able to re-programme keys.

"The criminal act of stealing vehicles through the re-programming of remote-entry keys is an on-going industry-wide problem," said Jaguar Land Rover.

"Our line-up continues to meet the insurance industry requirements as tested and agreed with relevant insurance bodies.

"Nevertheless we are taking this issue very seriously and our engineering teams are actively working in collaboration with insurance bodies and police forces to solve this continuously evolving problem."

Image caption Keyless ignition means drivers press a button to start a car

The statement added: "This has already resulted in a number of prosecutions."

A specific case reported by The Times involved insurers AIG refusing insurance cover to a motorist. In a statement the company said it treated every case individually.

"We do not have a blanket policy to exclude certain vehicles from cover.

"Given the increasing likelihood that replacement vehicles may be a target for thieves we may ask for additional security measures such as secure off-road parking.

"This could be, for example, secure private garaging or the installation of mechanically moveable bollards. If this is not possible then, as a last resort, we may refuse to offer insurance cover but only after exhausting every avenue."

Thatcham Research, which collates data on behalf of UK insurers, acknowledged the problem was widespread.

"Whilst BMWs and Audis appeared to be the early targets, it's fair to say that this was largely associated with their desirability across Europe, rather than any specific security lapse.

"Recently we've seen evidence of a range of makes and models being affected, including the Ford Fiesta and Focus, Range Rover Evoque and also now including light commercial vehicles such as the volume-selling Ford Transit and Mercedes Sprinter."

Weakest link

It is becoming much harder to steal cars. According to the UK Office for National Statistics, car theft has fallen from 318,000 in 2002 to 77,500 last year.

But thefts involving computer equipment used to circumvent security are rising. The SMMT is pushing for stronger legislation to help reverse this.

"The challenge remains that the equipment being used to steal a vehicle in this way is legitimately used by workshops to carry out routine maintenance," a spokesman said.

"As part of the need for open access to technical information to enable a flourishing after-market, this equipment is available to independent technicians. However a minority of individuals are exploiting this to obtain the equipment to access vehicles fraudulently.

"We need better safeguards within the regulatory framework to make sure this equipment does not fall into unlawful hands and, if it does, that the law provides severe penalties to act as an effective deterrent."

But Ian Crowder, from motorists' group the AA, warned the risk should not be overstated.

"By far the most common way of a car being stolen is still from thieves breaking into homes and stealing keys," he said.

"The keys are still the weakest link in a car security chain. If someone has your keys, they have your car."

The following videos show how easily car thieves can gain access to our cars using modern technology, and some of the products/systems which can be integrated to prevent such thefts:

https://www.youtube.com/watch?v=x1bVOmq7HCU

https://www.youtube.com/watch?v=dvmSOEKfkug

https://www.youtube.com/watch?v=pryM7EFRO2A