EU law (Score 1)

Does everyone really think that a company as large and professional as BMW made its cars vulnerable simply due to an oversight?

Here in the EU it is illegal for a car manufacturer to encrypt the comms between the diagnostics port and anything connected to it -- so that local garage mechanics can compete for the servicing of cars along with the manufacturer's service centres. Unfortunately it is this diagnostic port that is used to reprogram keys. Admittedly it doesn't help that the port is in the footwell.

BMW effectively have their hands tied by EU bureaucrats and I'd be surprised if other manufacturers aren't affected by the same rules.