I have just read the below on the PistonHeads forum; it's a bit of a concern.
Hi,
There appears to be a lot of conflicting views about what is happening here.
I posted on another forum what a few of us 'think' is happening, and believe me, I have met the guys that design and sell these 'rogue' tools.
It will not be solved by a software fix for any period of time (in our opinion anyway).
I'm posting a link as I just couldn't type it out again.
Apologies if that breaks a rule. If so then could someone copy/paste. It's next to impossible on iPhone!
Kind Regards,
E.
http://www.bmw-driver.net/forum/showpost.php?p=502...
Details on the link
For those that are interested there is a load of cr*p being said about this issue.
OBD standards in Europe are being blamed - this is NOT true. (and it's EOBD standards. The US version is OBDII)
There are lots of news articles suggesting that it's a 'brute force' hack of 'rolling codes' of the CAS system. This is NOT true.
The 'software fix' from BMW is very unlikely to work for long (see below).
---
The way this equipment works (the 'clone type' tools) can only be understood by understanding how the CAS works.
When you insert the key the CAS reads a code from the key. If this code is correct then the CAS authorises the Engine (DME/DDE) to start and releases the steering lock.
NOTE that the information travels from the KEY>CAS.
What this tool does is READ the stored key data from the CAS via the OBD port. This is not a software flaw but a hardware flaw allowing the EPROM of the CAS to be read by that method.
There is NO NEED for this function to be available for ANY DEALER or AFTERMARKET equipment for the legit motor trade.
Older models and indeed a lot of current models do not allow this. The CAS (or 'immobiliser control unit') must be physically accessed and the data read directly from it and in some cases directly from the chip or chips inside.
It's not 'encryption' that is wrong, it's that this data can be accessed through the standard diagnostic port.
For example, the latest Mercedes models require that you remove the 'EZS' (ignition switch) and read the data from it before 'flashing' a 'new' key. They don't allow access to this information through the DLC (Data Link Connector).
The software 'fix' from BMW will most likely just change the parameters of when the CAS is 'awake' (allowing communication) with a diagnostic tool. However, even this is a problem, as it's possible to 'wake' the CAS by just joining two wires.
It's possible that BMW will also change the strategy of the DWA to improve security but this would be easily bypassed also.
I honestly believe that the only cure or fix for this is the change out of the CAS control unit itself with a revised model/unit that does not allow reading of the CAS chips through the DLC.
This would cost BMW an absolute fortune on all 'starter button' vehicles and I can never see it being done. Their bottom line is worth too much to them.
Kind Regards,
E.