On the car forum 1Addicts, a one-time poster by the name of “stolen1m” uploaded the video showing how his BMW was stolen in under three minutes. He suspects the thieves used devices that plug into the car’s On-Board Diagnostic (ODB) port to program a new keyfob.
In this particular video, there are a few security flaws that the hackers are exploiting simultaneously: there is no sensor that is triggered when the thieves initially break the window, the internal ultrasonic sensor system has a “blind spot” just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and last but not least, it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.
BMW has acknowledged that there is a problem, but is downplaying this particular issue by saying the whole industry struggles with thievery. This is unfortunate given that the evidence seems to point towards BMWs being specifically targeted. Whether that’s because they are luxury cars or because they have a security loophole doesn’t matter: the point is BMW needs to do something about it.
If you want to protect yourself from this hack, look into how you can disable the OBD port on your BMW by disconnecting the corresponding wires. If you or your dealer needs it, you can always reenable it. Alternatively, you can try to further secure the port in your own custom way.