BMW Cars Vulnerable To Blank Key Attack

Most modern vehicles, like the BMW, have an on-board computer hidden in them. This computer basically controls the engine and makes sure everything is working correctly.

One of the functions this computer controls is the car’s electronic key that all BMWs have had since 2006. This electronic key communicates with the computer via radio signal and that allows you to start the vehicle. The electronic key has been made to allow a new key to be programed, should the old one be lost.

Someone has cracked BMW’s technology for programming the keys and managed to simplify the process. This process used to take 40 minutes and required specialist equipment.

Now there is a device that exists which allows anyone to access the on-board computer and program a blank key. It’s very easy to use and the process only takes little more than three minutes to complete. This device was actually designed and marketed for garages and recovery agents among other things.

With this key criminals are able to reuse them and make different keys for different vehicles. And as it works on many models of BMW and as it can be used repeatedly, although the price is high the criminals are happy to pay.

Video Breaking into BMW.

A BMW spokesperson response:

Criminal activity of all kinds is becoming increasingly sophisticated and particularly in this electronic age evolves with incredible speed. For highly complex, valuable and desirable products like cars, this has been a constant battle for manufacturers, legislators, the police and of course the owners of these cars. Organised crime has turned its attention to profits which can be made when stealing premium cars to order and selling them under false identities or, more often, breaking them up for parts and selling them piecemeal.

Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action.
However, BMW has always taken security extremely seriously and has worked closely with police forces around the country (and the world), with Thatcham and with the industry body, the SMMT (The Society of Motor Manufacturers and Traders) to understand and mitigate against car crime wherever possible. Therefore, when we were made aware of this new form of attack, we took it very seriously and immediately launched an investigation.

A vital point to acknowledge here is that there is no such thing as the ‘unstealable’ car, as Ron Cliff knows well. If a criminal decides they want your car, they will find a way to take it. Our job is to make it as difficult as possible.

Can BMW confirm it is aware of the issues raised above?
We are aware of this new type of high-tech car crime, which is certainly not restricted to BMW, but is an industry wide issue. Manufacturers and police forces are in a constant battle against the increasing sophistication of organised car criminals.

When did BMW become aware of the security issues outlined above?
We have a close working relationship with the Metropolitan Police and with Thatcham and first became aware of this new type of car crime in autumn 2011. We immediately started an investigation, which was a complex process to establish the exact method of attack and the technical implications.

What is BMW doing to rectify the security problems?
There is no specific BMW security issue here, this is something which affects many brands, however organised criminals have targeted particularly desirable cars, with higher value parts and that is why BMW is amongst the brands affected.

BMW prides itself on its vehicle security systems and all BMWs meet all UK and global security standards. Our engineers and technicians review all aspects of our vehicles constantly, including security systems, and after extensive research we are clear that none of our latest models – new 3 Series, 5 Series, 6 Series and 7 Series – nor any other BMW built after September 2011 can be stolen using the method you have highlighted.

For cars built before this date our investigations, jointly with the police, have identified late model BMW X5 and X6 as cars which have been focused on by organised criminals. We are now taking steps to mitigate against this type of theft for these two models and are contacting customers accordingly. For obvious security reasons we cannot say what these measures are.

Other models, including earlier M cars, as featured in your programme, are also being looked at to see if similar measures might be applied.

What advice can you offer your customers?
We agree with the general advice to customers given by the Police:

When using remote locking, ensure the car has actually locked by checking a door.
Be careful with your keys and who you give them too keys (e.g. valet parking). There is a risk that they could be cloned.
Where ever possible park your car out of sight, in a locked garage or under the cover of CCTV cameras

In addition: We recommend servicing your BMW at dealerships capable of providing software updates (e.g. authorised BMW Dealerships) on a regular basis to give the opportunity of further enhancing theft protection.

I am pleased to say that we have now had further information from our technical team which means that we will be able to offer the same mitigating measures mentioned in relation to X5 and X6, to any concerned BMW owners, starting within the next eight weeks. This will mean that the car cannot be taken using the piece of equipment you highlight. Of course this will not render the car unstealable, but it will address this particular form of attack.

Any customer who is concerned about this issue can contact our customer service department on 0800 083 4397 or their dealer, either of which will happy to advise.


One thought on “BMW Cars Vulnerable To Blank Key Attack

  1. Dear Sirs,

    In Jan 2012 I bought from BMW Dick Lovett a BMW X6 , one year old with 10,000 miles , in April the car was stolen from outside my home, some weeks later the police found the car in a container at Southampton docks and impounded it for forensic tests which took a total of 3 months , at the end of July the car was released and delivered to BMW Holland Park , due to the amount of work ( 55 hours labour) that was required my insurers decided to have the works carried out by BMW Heathrow although prior to having it moved the new updated security patch was installed on the 31st August. I finally got my car back in showroom condition three weeks ago and believe it or not the car was stolen last night from exactly the same spot as before. I have just spoken to Mr Sukh Bhamra customer service manager at BMW who has told me that the new security patch was to give their clients “peace of mind” and that I should contact my insurers as their is nothing BMW can or will do……what a joke!
    It is quite frankly outrageous that BMW are turning their backs on customers and refusing to admit that their is a serious security fault with their top of the range models.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s