Thieves Cracking Security Codes to Get Into Cars

By Hum
in The Neobahn

 Share

Recommended Posts

Grand Master

Hum

Posted
Posted

Just after 1:00 a.m. one August night, a man calmly walked up to a locked car parked on a downtown Chicago street and within seconds -- without a key, without any force -- was sitting in the passenger's seat. If you witnessed it, you wouldn't think anything of it. It was just a man getting into his car.

Except it wasn't his car. It was someone else's, but the man had easily broken in and could now steal whatever he wanted. Thieves, it seems, have figured out a way to unlock cars equipped with security systems, all without so much as breaking a window or even jimmying a lock. While they are not actually stealing automobiles yet, they are able to steal belongings found inside locked cars.

That car in Chicago belongs to Michael Shin, who thought he was losing his mind when his sedan was robbed. Shin, after all, had locked the car, but now his belongings had been stolen with no sign of forced entry.

"I kept thinking, 'How did they gain access to my car if nothing was broken?'" he told ABC's Chicago station WLS-TV.

Fortunately for Shin, the answer was right there on his home security video, so he got to see how the robber had done it.

"He walks past my car, the dome light comes on and he kind of stops in his tracks and walks right into the car," Shin told WLS. "It's mind-boggling how smart they are to build some sort of a device or an app or something that allows them to steal easily."

It wasn't only Shin's car that was robbed -- his neighbors' were, too. Wireless signal experts think some car thieves have cracked security codes, so they are able to send the same unlock signal that an owner's key transmitter uses.

"It's quite possible that they already decrypted the code, they actually have the key of the car, so they can open it any time they want," Xang Xiu, a professor at the Illinois Institute of Technology, told WLS.

"We believe that this code-grabbing technology was utilized and we are looking into it and investigating," the Chicago Police Department's Andrew Schoeff told WLS.

The technology that keyless entry systems use has become much more complicated since 2010 and now changes the codes on a regular basis, but for systems that were built before then, it's a different story. And that has left locksmiths like Bill Plasky feeling dumbfounded at how thieves are now exploiting outdated systems to open cars like Shin's.

source & video

Veteran

Twiddle

Posted
Posted

1. Have insurance.

2. Never ever leave anything of value in a vehicle.

3. Leave it unlocked. If a thief wants in, they will get in. Better than a broken window, and nothing lost when you keep nothing of value in the car. If they steal the car itself, insurance will cover it.

I've done these three things for around 10 years (the unlocked part I started a few years ago). I've had my CD player stolen twice in this time, and the two times it got stolen, I had to replace my windows, because I accidentally locked the car and they busted them out. Now I always make sure to bring my faceplate inside with me.

It sucks having to do this crap, but it is the world we live in. =/

Grand Master

123456789A

Posted
Posted

1. Have insurance.

2. Never ever leave anything of value in a vehicle.

3. Leave it unlocked. If a thief wants in, they will get in. Better than a broken window, and nothing lost when you keep nothing of value in the car. If they steal the car itself, insurance will cover it.

I've done these three things for around 10 years (the unlocked part I started a few years ago). I've had my CD player stolen twice in this time, and the two times it got stolen, I had to replace my windows, because I accidentally locked the car and they busted them out. Now I always make sure to bring my faceplate inside with me.

It sucks having to do this crap, but it is the world we live in. =/

Just leave your windows rolled down while you're at it.

Veteran

Twiddle

Posted
Posted

Just leave your windows rolled down while you're at it.

I don't understand the sarcasm. It is better than a broken window just to leave it unlocked. If people wouldn't leave valuables in their vehicles in the first place, they would have a lot less to bitch about when it does get stolen.

Grand Master

123456789A

Posted
Posted

I don't understand the sarcasm. It is better than a broken window just to leave it unlocked. If people wouldn't leave valuables in their vehicles in the first place, they would have a lot less to bitch about when it does get stolen.

No, you have a good point. I follow the same thing except for leaving the doors unlocked. I have nothing in my car worth taking, unless someone really wants a tape player.

Grand Master

Arachno 1D

Posted
Posted

By John Leyden

Posted 17th September 2012 11:52 GMT

BMWs and other high-end cars are being stolen by unskilled criminals using a $30 tool developed by hackers to pwn the onboard security systems. The new tool is capable of reprogramming a blank key, and allows non-techie car thieves to steal a vehicle within two or three minutes or less.

On-board diagnostics (OBD) bypass tools are being shipped from China and Eastern Europe in kit form with instructions and blank keys, says a news report linking the release of the tool to a spike in car thefts in Australia, Europe and elsewhere during 2012. Would-be car thieves need to grab the transmission between a valid key fob and a car before reprogramming a blank key, which can then be used to either open the car or start it, via the OBD system.

http://www.theregister.co.uk/2012/09/17/bmw_car_theft_hack/

Veteran

mycoolkim

Posted
Posted

Having a modified car, insurance companies wont pay up the excess in mods (my problem). Theifs are a bloody nusaince -_- Just get a heavy duty car alarm system and a kill switch installed. Anyone who leaves valuable equipment inside a car for long periods of time as an idiot.

Grand Master

Kami-

Posted
Posted

1. Have insurance.

2. Never ever leave anything of value in a vehicle.

3. Leave it unlocked. If a thief wants in, they will get in. Better than a broken window, and nothing lost when you keep nothing of value in the car. If they steal the car itself, insurance will cover it.

I've done these three things for around 10 years (the unlocked part I started a few years ago). I've had my CD player stolen twice in this time, and the two times it got stolen, I had to replace my windows, because I accidentally locked the car and they busted them out. Now I always make sure to bring my faceplate inside with me.

It sucks having to do this crap, but it is the world we live in. =/

#3 - If you leave a vehicle unlocked; your insurance sure as hell won't cover it.

  • oliver182, SoCalRox and Japlabot
  • Like 3
Mentor

+Neowin User 007 Subscriber²

Posted
  • Subscriber²
Posted

Thieves can get into a car without an issue, yet my stupid Homelink mirror still can't pick up the most common gate opener at every condo complex ever due to the supposedly "unshared codes" that said gate uses.

Veteran

Twiddle

Posted
Posted

Uhh no, they won't.

Yes they will. It is called comprehensive coverage. Yes, they will ask you if it was locked, if the keys were in it, etc... But they don't know anything other than the answers you give them.

Perfect example, my old boss many years ago was starting to dislike his truck. When he took a trip to Atlanta, he left the vehicle running, on purpose, with the driver door open. Of course it got stolen, and thanks to his coverage, and the claim he made, it was covered.

Grand Master

Rohdekill

Posted
Posted

I don't understand the sarcasm. It is better than a broken window just to leave it unlocked. If people wouldn't leave valuables in their vehicles in the first place, they would have a lot less to bitch about when it does get stolen.

Except if you take into account that there are also a lot of fools out there in the world. I've seen cars locked and sunroof's open. Nothing of value inside the very nice car....at least it was nice until some teens decided to use the sunroof as a trash can and poured a McDonald's soda and shake through it and run off.

I'm also quite certain most Chicago people don't prefer some homeless guy using their unlocked car as their personal bedroom or worse....toilet.

Grand Master

+Mirumir Subscriber¹

Posted
  • Subscriber¹
Posted

:sleep:

Such unlocking devices have existed since remote control keys were invented. Ten-twenty years ago they used to cost between $10,000-50,000. I don't know about the current prices today, but I assume they've come down a lot.

1. Have insurance.

2. Never ever leave anything of value in a vehicle.

3. Leave it unlocked. If a thief wants in, they will get in. Better than a broken window, and nothing lost when you keep nothing of value in the car. If they steal the car itself, insurance will cover it.

I've done these three things for around 10 years (the unlocked part I started a few years ago). I've had my CD player stolen twice in this time, and the two times it got stolen, I had to replace my windows, because I accidentally locked the car and they busted them out. Now I always make sure to bring my faceplate inside with me.

It sucks having to do this crap, but it is the world we live in. =/

Please correct me if I'm wrong, but I'm under the impression that a car owner has to take each and every precaution NOT to get their car stolen. It's in the contract. You can't "wave a sign" on your car "please steal it" by leaving it unlocked all the time (unless you live in rural areas) and expect to collect your payment when it does get stolen.

If it was easy like that, I'd be the first to park my old minivan unlocked in a ghetto...coz the insurance would pay me more than the car's current market value.

And why not leave the keys in the car too? It will save you the trouble of repairing the cracked ignition later on.

Grand Master

+hedleigh Subscriber²

Posted
  • Subscriber²
Posted

Yes they will. It is called cheating the system. Yes, they will ask you if it was locked, if the keys were in it, etc... But they don't know anything other than the answers you give them.

Perfect example, my old boss many years ago was starting to dislike his truck. When he took a trip to Atlanta, he left the vehicle running, on purpose, with the driver door open. Of course it got stolen, and thanks to his coverage, and the claim he made, it was covered.

There, fixed that for you.

That's one of the reasons that comprehensive insurance is so expensive.

  • djdanster, 123456789A and jamieakers
  • Like 3
Grand Master

n_K

Posted
Posted

This made... news?

It's common sense and isn't hard, it's called RF sniffing and has been done in practise for a VERY long time now.

Record what RF signals are around, go back later and replay them, oh look, car unlocks!111one

Contributor

Liquidfox

Posted
Posted

This made... news?

It's common sense and isn't hard, it's called RF sniffing and has been done in practise for a VERY long time now.

Record what RF signals are around, go back later and replay them, oh look, car unlocks!111one

That's the problem though, it's not that simple. At least with most EU manufacturers, the fob and immobiliser work on rolling codes. Every time you press the fob the code changes, this means you can't just simply replay a captured code.

Grand Master

HSoft

Posted
Posted

That's the problem though, it's not that simple. At least with most EU manufacturers, the fob and immobiliser work on rolling codes. Every time you press the fob the code changes, this means you can't just simply replay a captured code.

Not quite sure I get this. It's a decent idea but...

I have 2 keys for my car. My wife has one and I have one. I press to unlock the car, the fob and the immobiliser change codes. Haven't I just made my spare key completely useless?

Maybe a hash based on time stamp or something but I think the above method is a little impractical.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • New PowerToys update fixes memory leaks and other issues

      By Dutchie64 · Posted

      Yup, that's a doozy right there 😄
    • New PowerToys update fixes memory leaks and other issues

      By Dutchie64 · Posted

      It's a bundle of tools created by a variety of people, so things can go wrong sometimes. It's a great addition to Windows, and I use a lot of the tools on a daily basis. Also, it's still a 0.**** release so quick updates are to be expected 😉
    • Why Delta Chat is the best decentralized messenger you have probably never tried

      By Nas · Posted

      Oh, I did. And it's even worse than I was hoping! Besides a lot of techno-babble jargon (yes I understand 100% of it but it's still all just techno-babble) there's 2 key points that make me super-weary about even considering testing this out. -- By default, after installation, a relay is automatically set up, so you do not need to care about that. * Non-chatmail apps use email servers as a long-term message archive while chatmail clients use email servers for ephemeral instant message relay. * Supporting the full variety of classic email setups would require considerable development and maintenance efforts, and complicate making chatmail-based messaging more resilient, reliable and fast. -- Basically, the end-user device is the 'server' (relay) so there is NO ARCHIVING whatsoever because every message is necessarily ephemeral. Great for techno-paranoia (and for illicit activities preferring no tracks to cover) but terrible for everybody else. It's also ironically contradictory to engineering principles of redundancies besides the transport layers due to the explicit absence of any persistent storage. Instead of 'classic email address' retaining multi-GB messaging archives on its server, now every device must retain 100% of those storage demands. (Email messages were originally meant to be short correspondences, not the multi-MB attachments boondoggle that now exists with unlimited spam engines flooding every potential recipient.) Any device swap or reset (or loss) makes the entire message history go bye-bye forever... lest there's an off-device auto-archival "relay" mechanism that's really a separate server that holds onto all transported messages (an email server) that utilizes 'chatmail email address' identities (like an email server) and its own persistent storage archive (like an email server). But... this solution is hoping to exist alongside real-world email address identities (based on the email server relay pathway) but simply render messages in chat thread format in an ephemeral manner (with contents being encrypted, and messages auto-expiring) ... In the end, it's a chat app/experience for the Web3/P2P-at-all-costs zealots. (I have accts on all sorts of federated web3 services so I understand the technical and non-technical alike.) For any practical users, however, it's just another service to download/install, register, cross-share id cards/qr codes, but know that there's no history/archive whatsoever (by design) so no account/message recovery whatsoever... update the device, install a bummed update patch, or dare upgrade your device... all history, poof, gone. Ya gotta start everything over again like they're a brand new person.
    • You've tried DuckDuckGo and Brave Search, now get serious with SearXNG

      By zikalify · Posted

      You've tried DuckDuckGo and Brave Search, now get serious with SearXNG by Paul Hill Over the last decade, it has become quite trendy to dump Google Search in favor of privacy-preserving alternatives such as DuckDuckGo, Startpage, and Brave Search. These search engines have done a very good job at highlighting dodgy practices by Google, such as adjusting search results based on what it thinks you’ll like (filter bubble) and stalking you around the web to advertise to you. While these search engines are good starting points when compared to non-private services like Google, there are still quite a few issues with them. For example, both DuckDuckGo and Brave Search require running non-free JavaScript in your web browser, which is comparable to running proprietary software on your computer, meaning you can be sure about what it’s actually doing in the background. Another issue is that these search engines are hosted on the respective companies’ servers, and you are using a service that you don’t control. Finally, DuckDuckGo, while offering privacy features, relies heavily on Microsoft’s infrastructure for its results and, in the past, has permitted Microsoft tracking scripts. If you are looking for a more private search solution than DuckDuckGo, Brave Search, and Startpage, then I recommend taking a look at SearXNG. It is a privacy-respecting metasearch engine that can be used via different public instances, which is useful for mobile users, or you can install it on your computer or server and run it locally with maximum control. Unlike Google, Bing, or Brave Search, which crawl the web and have their own search indexes, SearXNG is a metasearch engine, meaning it taps other search engines, stripping your identifying data, such as IP address, user agent, and cookies, in the process. Your search query is sent to the other search engines you enable before aggregating the results. SearXNG has deployment flexibility. If you are a casual user or a mobile user and don’t want to run SearXNG locally, you can use a public instance that is hosted by someone else. The main problem with this is that you are putting trust in the maintainer of the instance regarding stuff like logs that they may keep; good hosts should have a privacy policy explaining their policies. If you are trying to use SearXNG, you can also install the software on your device and then head to 127.0.0.1:8080 in your browser and search from there. While you don’t have to worry about a third-party admin like the public instances, search engines could ultimately block your IP address if they frown on you pulling in their search results locally. If you want to run it locally, it’s a good idea to use proxies or VPNs to hide your actual IP. You don’t have to worry about this with a public instance, as search engines never see your IP address. The main privacy benefit of using SearXNG is that it isolates your identity from the underlying engines that it’s capable of searching, such as Google and Bing. These search engines will only see requests coming from a generic server, so they can’t profile you and create a bubble filter that influences what results you see. This also ensures that your search engine doesn’t turn into an echo chamber that prevents you from reading alternative points of view. As a free software project, you are allowed to inspect SearXNG to make sure there are no negative features bundled inside. This sets it apart from the privacy search engines mentioned earlier because you can’t check their source code. As a meta search engine, you are not restricted to getting results from one source. Due to the fact that it scrapes content from other websites, your SearXNG instance will periodically get blocked from different providers, so it’s good to select a range of sources as a backup. While enabling all of the services will give you great results, this can make searching slower. I am personally happy with slower searches for the best results, but you can always check which providers are slowing down your search from the search results page and disable them to speed things up. If you want decent results quickly, enable the main search providers such as Google, Brave, DuckDuckGo, Qwant, Bing, and Yahoo. This way, you get wide coverage without the latency. On the Engines tab in Preferences, do note that there are different tabs, such as General, Images, and Videos, with their own providers that can be toggled and are not covered by "Enable all" while on the General tab, so be sure to dig into each. Just a note, if you want to enable everything, press "Enable all" in one tab, then hit save at the bottom of the page, then do the next tab, and so on. If you press "Enable all", then do that in each tab, and then save, nothing will stick. When I had just some of the search engines enabled, I searched “define nefarious” and results came back with the definition of “define” - obviously that was a sucky result. However, when I had everything enabled, it found dictionary pages for the word “nefarious” and even had an inline definition on the sidebar, which is quite nice too - that was delivered by WolframAlpha for anyone wondering! Probably the worst thing about this meta search engine is that the engines you select are saved with a cookie, so you must enable them on every new device you use SearXNG on, including if you decide to go into incognito mode with your web browser. Honestly, I would say this is the most annoying aspect, and perhaps if your browser lets you choose a separate private browsing search engine, then it would be best to use DuckDuckGo for this portion of your browsing. Another weakness of SearXNG is the random blocking of it by search providers. When you are on the results page, expand the “Response time” box, and it will show things like “Suspended: too many requests” or “access denied”. This is why it is good to enable several providers so that there is always a fallback to get results from. I won’t pretend SearXNG will be for everyone, however, if you enable all of the providers and put up with the slower response time, the results can be really amazing. Even if you don’t want to use it as your daily driver, keeping a bookmark handy that links to it is a good idea if you ever feel like doing a deep dive into a niche topic where other search engines are just failing to bring up any good result, due to the amount of sources it looks on. If you’re interested in radical user control over the software you use, installing SearXNG locally can also be a good idea, but be prepared to be temporarily blocked from sites if you trigger bot sensors without a VPN. Personally, I’ve opted to use a public instance, rather than install it myself. If you want to use it via a public instance, head over to searx.space to find a provider. Let us know in the comments if you have used SearXNG or its predecessor, Searx. What do you think about the quality of the results?
    • Windows 11 is getting redesigned taskbar settings in new build

      By Captain_Eric · Posted

      Dear Neowin, If it is not too much trouble, can you start using the new-ish designations for Insider Preview? "Experimental" is different than "former Dev" as it can apply to different models, eg 26H1 or 26H2 etc, right? No need to seed confusion IMHO. And, please "finally" update your graphics. OK?

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      503
    2. 2
      +Edouard
      226
    3. 3
      PsYcHoKiLLa
      158
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!