CCTV footage shows crooks using some kind of universal keyless entry fob

54 Responses to “CCTV footage shows crooks using some kind of universal keyless entry fob”

    • Antinous / Moderator says:

      I was thinking of that movie earlier today. I went out and bought a new car stereo after I saw it.

      • miasm says:

        I destroyed every one of my Jason Donovan albums practicing that flip thing but I could never quite get it right.

  1. Chris Green says:

    They mention the thefts occurring in people’s driveways, and it being a little unreliable. Perhaps they are using a transmitter and amplifier to relay the signals between the car door and the real key fob which is most likely located somewhere in the person’s house.

    • ocker3 says:

       Now that’s interesting, perhaps the real advancement they’ve made is getting the owner’s key fob to answer, and they use that signal to unlock the car

  2. I heard a suggestion that you can trigger air bags by hitting an accelerometer, even when a car is stopped and locked, and that when the airbags fire the car unlocks for safety reasons. Not saying that this is the case here, just that there might be other ways to unlock a car.

  3. John Boggs says:

    I’m not convinced they’re using a device. People accidentally leave their cars unlocked all the time, and thieves go around testing handles.

    • kaellinn18 says:

      This is the correct answer.

    • dculberson says:

      I thought the same thing, but at least once you can see the interior light come on before the people touch the door handle, which is what happens when you hit the unlock button on the fob.

  4. TwinCitiesLiberal says:

    There must be some tech out there allowing emergency responders or car technicians to bypass the unique crypto-key on the fob. Some dude figured out what it was.

  5. Leo says:

    Maybe they’re stealing cars? I’m a detective. 

  6. Ric Helton says:

    It took me two minutes of searching to find this link, which sounds like the likely suspect in this case:  http://www.technologyreview.com/news/422298/car-theft-by-antenna/

    • bardfinn says:

      I have good reason to believe you are correct. This is a variant of the classic man-in-the-middle replay attack, one I’ve seen termed a Farva (after a character in “Super Troopers” who gets goaded into exclaiming “Shenanigans?!”)

    •  So when you get home, you should put your keys in a faraday cage.

      • ocker3 says:

        Or more than 10 metres from your car. I guess some people put their keys near the garage, it makes sense from a certain point of view to put the keys near the door you’d use to get to your car. 

  7. Isabelle Lafreniere says:

    He actually doesn’t have a device in his hand. It just looks that way because there is a shadow from the door handle. Before he walks up, you can see two dark dots, which indicate each end of the door handle. The light space in the middle is the main part of the handle. Watch: he places his hand on the main part and the same dark spot doesn’t move, neither before nor after he touches it. He doesn’t block the light source and shouldn’t be able to cast a shadow in that spot. Also watch his hand as it moves away from the door. It slides open-palmed around the edge of the door. Such a motion would be unnatural for someone holding an item but very natural for someone who just released a door handle. The accomplice also clearly has nothing in their hand. I think the comment above about the locking signal being jammed seems the likeliest, assuming the door wasn’t just left unlocked.

  8. Captdrastic says:

    Glove box is on the passenger side.  It’s probably just more efficient to loot a car from that side.

    • Warren_Terra says:

      Yup. Also, the driver’s seat is typically occupied by the driver – so any items they have placed to hand will probably be in the front passenger seat.

      On the other hand, the trunk release is on the driver’s side, and I guess they’re not bothering with that?

      • IronEdithKidd says:

        I have a 2002 Acura and a 2010 Toyota.  If you hit the unlock button on the door inside the cab, you unlock the entire vehicle.  Also, I’ve owned 5 Japanese cars from model years 1977 to 2010,  on each of those vehicles, that release on the floor, left of the driver, opens the gas tank cover. 
        I’m now curious as to what car has a trunk release on the driver’s side?  That Caddie in the video should have a yellow button on the left wall of the glovebox for a trunk release.  

        • Gyrofrog says:

          Hondas have both the trunk release and the gas tank cover release next to the driver’s seat.

          • IronEdithKidd says:

            That’s what you get for having a Honda.  /s
            The new TSX doesn’t even have the gas release on the floor anymore.  Trunk release is in the door well below the armrest/window controls.
            All the fancy stuff eventually trickles down to Honda, you’ll just have to wait a few years.  My Acura cost only a grand more than the comparable Honda, and the difference in service levels between the two dealerships made that a grand very well spent. 

  9. swishercutter says:

    I suspect 2 things could be related to the passenger side of the car. 

    1) As others have stated the steering wheel is not in the way allowing easier looting without the possibility of bumping the horn, brakes etc.

    2) I googled Acura MDX alarm antenna location and it indicated it is behind the glovebox…this leads me to believe it works better in proximity to the antenna.

  10. Bill Brooks says:

    it is a rolling code hack, nothing more. cars have very weak electronic security and are vulnerable to a variety of attacks.  

  11. Bill Brooks says:

    it is a rolling code hack, there is a re-sync vulnerability in some cars. cars have notoriously crappy security, and it doesn’t take much to exploit it

  12. MrQuagmire says:

    My car with no keyless entry and no power locks finally has an advantage!!

  13. robuluz says:

    Why do you guys have to have your registration papers with you in the car, anyway?

  14. Cowicide says:

    If you prefer to skip the ad, fluff and speculation and just watch the act itself, here ya go (fer christ’s sake):

    http://i.imgur.com/lFC9GRp.gif

    It doesn’t show the second guy, but it’s the same thing.

    • Cowicide says:

      Disqus just jumped to a new layer of suck with handling animated gif links.  Tried to delete the post, but no go.

      I tried a ninja move on Disqus below, see if that works better…

  15. Cowicide says:

    If you prefer to skip the ad, fluff and speculation and just watch the act itself, here ya go (fer christ’s sake):

    http://i.imgur.com/lFC9GRp.gif

    It doesn’t show the second guy, but it’s the same thing.

  16. stuck411 says:

    Who’s to say that with the compromised databases in the past few years, a few of them couldn’t have been the big car manufacturers or the subsidiaries? I’d argue that someone could have the codes/algorithms. If you were to lose your keys you’d go to a dealership & pay some big bucks to have another keyless entry fob & key set made. Those codes must reside in some computer somewhere, and it was probably compromised. It’s probably a brute force attack. It might get tweaked if the model of car is known, but it explains why it doesn’t work on all of the cars (those algorithms were not hacked). The guys doing the stealing aren’t the ones manufacturing the fobs, that’s for sure.

  17. bolamig says:

    A friend just had a very old Saturn SL1 stolen for a joyride, then got it back.  The police recovered a keyring with thirty Saturn keys (this car was before chipping of any kind), which apparently are enough to open any such car.  

    I recently lost the key for my bike lock and learned via a youtube video that this particular model can be opened with just a blank key.

    I had another combo lock where all you had to do was cut off the flimsy plastic cover to see what combination had been set.

    Point being that even though a system should have enough combinations to make it prohibitive to go through them all, there are often implementation details that ruin the security. 

    And there are user errors like forgetting to press the lock button.

  18. Lilah says:

    This happened to me about 5 years ago (or at least that’s the conclusion I came up with. Possibly the thieves employed one of the other strategies presented in the comments). At the time I was driving a Honda CR-V and had parked in a near empty parking lot on my undergrad campus on a Saturday to go to some function. The thing I remember most distinctly is that I manually locked the doors of the car with the key because mysteriously, the key fob would not work although it worked fine when I got in the car at my house. When I came back from my function, I tried the key fob again. It worked. I got in the driver’s side and was about to drive away when I realized my passenger side door was slightly ajar. The only thing stolen was the GPS in my glove compartment.

    Neither I nor the police found any signs of forced entry, and the cops chalked it up to me forgetting to lock the doors. But as I said, I had manually locked them.

    • Gyrofrog says:

      How old was that CR-V at the time?  By “manually locked” do you mean you pushed the electric switch, or physically pushed down the lock stem?  Maybe the passenger side was still unlocked.

      My Accord is about 14 years old, and the electric lock is getting unreliable on the passenger side. If I push the lock stem down, or use the key from the outside, it locks.  But using the electric lock switch, or the remote fob, sometimes will only lock the driver’s side (so no “beep”).

      • Lilah says:

        By manually locked I mean I put the key in the keyhole from the outside. This was a ’97 CR-V, first generation.

  19. CDD says:

    Article from 2011

     http://jalopnik.com/5736774/how-hackers-can-use-smart-keys-to-steal-cars

    PDF from the same article if you didn’t catch it.

    http://eprint.iacr.org/2010/332.pdf

  20. peregrinus says:

    Yeah, the glove box is on the passenger side.  That’s where I stash my fancy watches.

  21. peregrinus says:

    My car (VW) makes a definite (click-clunk) sound as the locking mechanism works, and the lights flash.  You really know it’s locked, and I press the fob until I get that confirmation.  If I didn’t get that, I’d move the car.

  22. technogeekagain says:

    Speaking as a locksmith: That video looked more like “you forgot to lock the car.” Which is more common than most folks want to admit.

  23. JustinKalb says:

    The moral of the story is,  don’t leave valuable stuff in your car on the street.  or in your driveway.  Even without hacking the keys, the windows are not impenetrable.  Having lived in Chicago for about 8 years pretty much every one of my cars has been opened in some way.  EVERY time it was because I left something on the seat / in view that would spark the interest of the local thugs.

  24. briefer says:

    Might be a car version of the infamous “TV B Gone” universal remote. Some guy has figured out the access codes for all major TVs. You carry your TV B Gone into a restaurant and, if it has a loud TV on, or if it is tuned to a channel you don’t like, take your TV B Gone out of your pocket and turn it off. 

    https://www.tvbgone.com/cfe_tvbg_main.php

  25. Mike Jackson says:

    I have a hard time believing that the ‘encryption’ that the locks use is really that robust. It could be a case to me of thieves just aiming some sort of antenna at the car as the owner locks or unlocks it, waiting for them to go away and then rebroadcasting the signal they record of the code back at the victim car to get it to unlock again. To me an accomplice wheel-man in another car outside the picture is most probable in this case who is remotely unlocking the car while the  guy doing the car entry/theft will have a way to bail and get away from the scene in case the car owner comes back. One can waste a lot of time thinking of how complex and hi-tech this magic tech is that they are imagined to be using when it’s more likely to be something very simple and low-tech in reality.

  26. greenberger says:

    Brian Snow, a security expert who worked for the government for a long time, talked about just this during a panel at the 2012 World Science Festival. According to him, breaking into cars this way is pretty doable, and that was 12 months ago. Is this really such a puzzle?

    You can watch the full program here. Don’t ask me when in the program he talks about fobs:

    http://worldsciencefestival.com/videos/keeping_secrets_cryptography_in_a_connected_world

  27. Thebes42 says:

    My guess…
    There is no fob transmitter opening the doors.
    There is a jammer used to keep the vehicle from being locked in the first place, and the thief merely fakes the use of a fob to look inconspicuous and conceal the jamming.
    This explains why the lights don’t flash when “unlocked”.

  28. Luke says:

    This was posted to hackaday and they were discussing all the super complicated ways this could be achieved but having met a few people that make a living committing petty thefts before I can say most of them are lazy, which is why they make their living that way.  

    The answer is going to be something incredibly simple such as either the car was unlocked or they are doing something like zapping the lock with a taser to fry the circuits.  The light coming on momentarily before the door opens could be explained by the door latch triggering so the lights know the door is opening but before the thief has actually opened the door. 
