Seattle Police got a present from BMW last month: a sleeping car thief, neatly locked inside a remotely shut down BMW 550i with no way to escape.
According to the Seattle Police Department’s blog, an enterprising car thief found a key fob mistakenly left in an unlocked BMW in a parking garage in Seattle’s University District during the early hours of the morning of September 27. The thief, a 38-year-old man who was carrying a small amount of methamphetamine, swiped the car and drove it about a mile, before calling it quits on his joyride to take a nap in an alley. This turned out to be a mistake, as the owner of the car reported it stolen at around 5 a.m. The BMW corporate offices were able to immediately locate the car, sent the SPD the coordinates, and, as police officers approached the car, remotely locked down all of the doors.
SPD blogger Jonah Spangenthal-Lee really put himself in the mind of the criminal for this one too, leaving this absolute gem of a paragraph (and flawless Watchmen reference) in the official police blotter for the day.
BMW employees were able to remotely lock the car’s doors, trapping the suspect inside, presumably while hissing something terrifying like ‘I’m not locked in here with you, you’re locked in here with me’ into the cars sound system.
BMW’s remote access app allows owners to lock and unlock their cars from their smartphone, but says nothing about sound system access. Their corporate center may have more options, but it’s unlikely that theft prevention specialists taunted the thief. Police “roused the suspect” who then tried — unsuccessfully — to drive off in the car again. He was arrested and booked into the King County Jail for auto theft and drug possession.
Best of all, the vehicle’s owner had gotten married a day earlier. She lent the car to a friend, who accidentally left the key fob inside and the car unlocked, because sometimes your friends are dumbasses right after a boozy wedding. Fortunately, she got her car back, and the SPD got the easiest grand theft auto arrest possible.
The Seattle theft was extremely low-tech, but high-tech exploits of connected cars are becoming more and more common. Remote access might be a great thing when a methhead decides to take a joyride/joynap in the front seat of your 550i, but if a dedicated car hacker wants to get in, all of the car’s fancy programming might work against it. BMW itself has been vulnerable: in 2015, the company had to step up security on its Connected Drive systems after German researchers found that its systems had basically no encryption on them whatsoever; and in July of this year, Jalopnik reported that the Connected Drive system was still so flawed that hackers could just break right into it from any old desktop browser. So while BMW corporate may be able to lock down a stolen ride, it’s a long way behind the digital security on other brands, like Tesla.