Thread: Security update
View Single Post
      11-19-2012, 01:28 PM   #3
Artemis's Avatar

Drives: BMW M2 (MG 6MT)
Join Date: Jun 2011
Location: Belgium

iTrader: (0)

To OP: check/inquire whether your 1M gets the firmwire reflash, or whether the action is limited to "convert convenient opening", or whether you get both:

On the basis of information made available very recently on other BMW dedicated forums, it seems that there are now two types of security fixes implemented in the UK (upon demand of customers):
  • OBD key programming: you all know the story by now (CAS Module access using an EDILOCK BMW key programmer); a fix avoids key cloning (firmware reflash); this "OBD security fix" takes more time to implement than the "convert convenient opening" fix (see next bullet point);
  • window-rolling feature: if you keep pressing the unlock button on the 1M keyfob, or insert the 1M key into the door lock and keep holding it in the unlock position (to the left), the alarm disarms + both windows roll down as long as you hold; if you keep pressing the lock button on the 1M keyfob, or insert the 1M key into the door lock and keep holding it in the lock position (to the right), the alarm arms + both windows roll up as long as you hold (try it, if you don't believe it ); thieves abuse the window-drop feature by inserting a key or object into the door lock, in order to allow themselves a quiet entry and subsequently abuse the OBD with a disarmed alarm; with a quick fix ("convert convenient opening") the window-rolling feature still works as usual with the keyfob but no longer with the door lock (window-rolling feature is de-activated if the door lock is used); someone posted a copy of the PuMA of the "convenience opening" or "comfort opening convenience" modification on; an M3 owner also quoted this document at
See also:
"Vulnerability: Vehicles fitted with CAS 2 and CAS 3 modules, can have a new blank immobiliser key programmed with certain 3rd party automotive locksmith software, via the OBD socket, and thus be stolen without the original keys.
Solution: Take your car down to your local BMW dealer or a technically proficient BMW electronics specialist, and ask for the SOPT-enabled CAS (Car Access Sytem) firmware update. Cars with the SOPT-enabled CAS firmware, can only have a new immobiliser key programmed if another original immobiliser key is present. If you have had your car serviced at a BMW dealer within the last year, chances are you already have the SOPT update. Older BMW cars fitted with EWS, EWS 2 and EWS 3 modules are not affected by this vunerability. New F-chassis BMW cars are also not affected by this vunerability, as they are fitted with CAS 4 modules which already have the SOPT feature enabled"

There was an announcement made to our dealership this afternoon [Nov 16, 2012] that re-programming is now available for ALL models from 2005 onwards.
It is a 20 minute programming job that all main dealers will have the software for. The programming is also completely free of charge regardless of age. It adds a new layer to the encryption that is unaccessable to anyone except a BMW dealer.
It has been announced that work will be carried out ONLY when requested by customers, so don't expect your local dealer to be on the phone to you on Monday morning (unless you have already contact BMW customer services, at which point you are already on a "to contact" list).
Spread the word."

(source: - comment #8)
"How can this be an extra layer of encryption when the EU laws that gave rise to this problem insist that people other than BMW dealers must be able to prepare new keys?
Are you taking about encryption from the OBD port to the CAS module or encryption from the key to the CAS module? Or something else?
Is this fix a replacement for the one that BMW has been applying already, which supposedly just stops the windows rolling down after a screwdriver is forced into the lock? Or is it in addition to that fix?
How is the car going to behave differently after this fix (or these fixes, if we are now talking about two) is applied?
Apologies for asking several questions, but you'll understand that people have had to take action and protect themselves without any help for the past few months, and consequently now need to understand just what vulnerabilities have been removed and what might remain.

I appreciate your concerns and you ask good questions. I will look further into this on Monday [Nov 19, 2012]. I only had a skim read of the details on Friday, but from what I have read it stipulated that there was a new 'layer' which required the use of BMW dealer software to access. It involves programming the CAS through the OBD. My manager has also been asking questions to BMW UK about the matter in question, but details are sketchy at the moment.
The fix itself will definitely cure the programming of blank keys, but I don't think it mentioned the window drop (the key word in that sentence being 'think'). Most cars nowadays have the window-drop feature if you hold the unlock button on the key or insert the key into the door lock and hold it in the unlock position [...]. As long as there are nice cars, there will always be thieving b*****ds finding their weak points.
If it's any consolation, the programming of keys doesn't effect only BMW's. The programming software works on any car with an OBD port and fob remote. The new Fiesta has also been a common stolen car recently with the keyless go technology. Any mid/high spec car with this faces the possibility of being stolen, but unfortunately for us, BMW's are better than Ford/VW/Audi etc and are more 'stolen to order'. After all, if you have the technology, would you steal a £12k VW Passat or £40k 3 Series?
Hope that helps for now, will stay in touch "

(source: - comment #5)
See also:
“For ’tis the mind that makes the body rich” (W. Shakespeare, The Taming of the Shrew, Act 4, Scene 3)

Last edited by Artemis; 11-22-2012 at 08:34 PM.