Police in California have admitted they are baffled by a series of car thefts where robbers use a small hand-held electronic device to unlock supposedly secure car-locking systems. "This is bad in the sense we're stumped," Long Beach deputy police chief David Hendricks told NBC. "We are stumped and we don't know what this …
I'm an insider and I can tell you exactly what they are doing.
Remote entry keyfobs contain programmed secure microcontrollers that transmit a rolling code sequence to the car. To open the door you need to transmit the next code in the sequence. The system is programmed to take into account missed transmissions, etc.
The thieves used a special keyfob device with a microcontroller programmed to detect and transmit rolling code sequences. It intercepts and stores the rolling code signal from the keyfob to the car, then the device calculates the next sequences of that rolling code so that later it can send that code to the car to unlock the door.
Easy to do if you have inside knowledge of the highly confidential rolling code algorithm. By design this cannot be reverse-engineered - the microcontroller actually self-destructs.
So this means the special device was built and programmed by someone with inside knowledge. This means it's someone from keyfob manufacturers TRW or Bosch. My guess is they are all using Bosch keyfobs.
However, on some cars there is a way to reset the rolling code sequence and start over, no signal interception needed. This requires intense insider knowledge.
Of course, the keyfob manufacturer can't admit that this was done by someone inside their firms, as this would affect their contracts with the car manufacturers which are worth tens of millions of dollars.
There is no defense against this except to deactivate the car's wireless control.
There are companies that can analyze/reverse-engineer a surprising number of "secure" chips. Here's one, for example:
And, while these guys are legit, there's probably dozens of illegit or university lab students who could/can/are doing the same thing.
P.S. Yeah, I've got some experience in the computer security field, too. Can't say what exactly, though. ;-)
There are companies that can analyze/reverse-engineer a surprising number of "secure" chips. Here's one, for example:
These chips can't be reverse-engineered. They will self-destruct if you:
- Clock them too fast
- Clock them too slow
- Expose them to light
- Attempt to probe any inside trace
- Expose them to extremes of heat and temperature
The chips contain false circuits and bogus code routines. And that isn't the half of it!
The gist of it is, it would be cheaper to buy a new car rather than attempt to reverse-engineer these chips.
I remember what BMW said about EWS4 first used in 2007 I think.
The electronic vehicle immobilizer 4 is an immobilizer system that prevents unauthorized
engine start. It was used for the first time in the Car Access System 3 in the E92.
The electronic vehicle immobilizer 4 uses a new, modern encryption system. A 128 bit
long secret key is assigned to each vehicle and stored in the BMW database. This secret
key is known only to BMW. The secret key is programmed and locked in the Car Access
System 3 and in the digital engine management.
Once entered in the control unit, the secret key can no longer be changed, deleted or
read. This therefore means that each control unit is assigned to a specific vehicle.
The electronic vehicle immobilizer 4 operates with bidirectional and redundant data
transmission. The K-CAN (CAN protocol) and CAS-bus (K-bus protocol) are used for this
- Programming of key is going directly in the ignition lock! No need for
additional programmers and preparations of keys!
- Support of latest technologies from BMW:
1) EWS4 Secret Key (new 128-bit synchronization with engine control unit).
BMW documentation “says” that no one can read or write it, but we can do it
through OBD-II socket! Surprise!
2) SOPT (encryption of keys and synchronizations with engine control unit).
Now the keys can be programmed even for encrypted CAS! And even with
encrypted EWS4 Secret Key, and now it’s the first software that can do it!
Don't waste your breath Stevie, he's talking rubbish. There may well be a rolling code but it still has to be tied to the actual vehicle in some way, otherwise a criminal gang could simply hire a BMW, take the fob apart and 'press' the button a few thousand times using a motorised switch, recording the radio code sequence generated each time. If it worked the way BillG claims you'd only have to replay one of the later sequences to open any other BMW.
BillG wrote: "special keyfob device ... [that] ... calculates the next sequences of that rolling code so that later it can send that code to the car to unlock the door."
So the only SPECIAL bit is that it acts like a NORMAL keyfob being pressed lots of times. Do please think about what you are reading.
There may well be a rolling code but it still has to be tied to the actual vehicle in some way
Exactly. Each keyfob is "seeded" with a code unique to that car/keyfob pair. The seed is transmitted when you press the keyfob button so your car knows it's being addressed, while nearby cars know to ignore your keyfob's transmission.
But the seed isn't transmitted in the clear or separately - it's encrypted as part of the entire transmission sequence. First decryption of the total transmission tells the car yes, it is being addressed. That triggers the second decryption which says open the door or boot, or turn on the lights, activate alarm, etc.
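The receiver-side behaviour described in the comments above (next code in the sequence, tolerance for missed presses, a secret unique to each car/keyfob pair), as an added Python sketch that is not from any commenter or manufacturer. HMAC-SHA256 stands in for the confidential rolling code algorithm, and the window size, tag length and command codes are assumptions.

```python
import hashlib
import hmac
import secrets

WINDOW = 16                # assumed: how many missed presses the car tolerates
TAG_LEN = 8                # assumed: bytes of authentication tag per frame
UNLOCK, LOCK = 0x01, 0x02  # hypothetical command codes


def _tag(key: bytes, counter: int, command: int) -> bytes:
    """Code for one press: keyed MAC over (counter, command)."""
    msg = counter.to_bytes(4, "big") + bytes([command])
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class Fob:
    """Keyfob holding the secret shared with exactly one car."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def press(self, command: int) -> bytes:
        self.counter += 1  # every press advances the sequence
        return bytes([command]) + _tag(self.key, self.counter, command)


class Receiver:
    """Car side: accepts only codes ahead of the last one it accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def receive(self, frame: bytes):
        """Return the command if the frame is valid, else None."""
        if len(frame) != 1 + TAG_LEN:
            return None
        command, tag = frame[0], frame[1:]
        # Try only counters after the last accepted one, so an old
        # (recorded) frame never matches again.
        start = self.last_counter + 1
        for counter in range(start, start + WINDOW):
            expected = _tag(self.key, counter, command)
            if hmac.compare_digest(tag, expected):
                self.last_counter = counter  # skip past missed presses
                return command
        return None  # wrong key, replay, or too far out of sync


def demo() -> dict:
    """Run the cases discussed in the thread on constructed keys."""
    key_a, key_b = secrets.token_bytes(16), secrets.token_bytes(16)
    fob_a, car_a, car_b = Fob(key_a), Receiver(key_a), Receiver(key_b)
    results = {}

    first = fob_a.press(UNLOCK)
    results["fresh"] = car_a.receive(first)
    results["replay"] = car_a.receive(first)  # same frame sent again

    # A nearby car with a different secret ignores this fob.
    results["other_car"] = car_b.receive(fob_a.press(UNLOCK))

    for _ in range(3):  # presses made out of radio range
        fob_a.press(LOCK)
    results["after_missed"] = car_a.receive(fob_a.press(UNLOCK))

    for _ in range(WINDOW):  # more missed presses than the window allows
        fob_a.press(LOCK)
    results["beyond_window"] = car_a.receive(fob_a.press(UNLOCK))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14} -> {outcome}")
```

A fob pushed beyond the window needs a resynchronisation step, which this sketch does not model.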
This post has been deleted by its author
The police are stupid when it comes to many things.
In the UK they are recommending people's locks being changed to this new type. (£75 a lock or something like that).
The person from the fire brigade who does stuff for a council that is to do with locks tested one and could get in within 10 seconds, tried to tell the police what a waste of time it was and they basically ignored and kept hassling the council to pay for these new useless locks. I am sure there must be something corrupt about it. I think being a policeman attracts people who are just as bad as the criminals most of the time.
"I think being a policeman attracts people who are just as bad as the criminals most of the time."
I think you've got that backwards. Being a criminal makes becoming a policeman attractive. Society just has to ensure that there are checks and balances within the police force to spot people who have joined in order to be bent.
It's a command culture, a Police officer will swear yellow is green if told to by a senior officer, even if it flies in the face of common sense. Policy is policy, the police are not the only organisations that suffer from this blindness, and no policeman is an expert in everything.
There is a defense - stop using security through obscurity. History has told us a thousand times over - It NEVER works. If US defense contractors have had half their secrets spilled with their security budgets, then I'm not going to be the least bit surprised if automotive manufacturers have leaks.
And get the guys creating the "secure" systems talking to those who break them. The former don't think outside the box enough, and the latter are never taken seriously enough, or worse, they're criminalised. The entire industry needs a change of mindset- quite how automotive industries expect a proprietary secret such as a key fob switching algorithm to remain secret for the lifespan of your average car (15 years or so) would be laughable, was it not so serious.
I live near an auto plant, and a friend bought their latest desirable top spec sports model. Within a week it was stolen from his drive. The police told him that, that make's the worst to have round here, the local car thieves knew how to steal them before they came off the production line.
Bring back crook locks and garages with big bolts on the inside.
Some things are best left to the old fashioned, manual way that involves physical contact.
Physical access to properties and vehicles.
In-person card purchases.
Password storage in a well guarded, coded book, instead of password vaults on a computer.
To name but a few.
"Physical access" involves tumblers and keys. Those haven't ever been secure. Leave aside the practice of key bumping, there are so many ways to circumvent physical locks.
Tumblers are often relatively easy to deal with, but the older lever locks are not. Yes, the cheap skeleton door keys are a joke, but even a very old 5 lever lock can be difficult, and/or time consuming to open. Of course there's a phobia for using old technology so that's out, along with anything that doesn't have fashion value. The bottom line is that there is no cure for car thieves - except driving a junker.
You don't want foolproof security on your car, otherwise you just get creeper burglaries* instead which happens a fair bit now anyway, at least here in NI it does.
I believe there's also been an increase in car-jackings over the years as car security has improved.
* If you don't know what a creeper burglary is:
It's easier to break into your house than your car. So they break into the house and look for the keys. So if you hide your keys? On occasion, if they really want your car, they'll boil the kettle and then bring it upstairs. They'll wake you up, hold the kettle over your head, and demand your keys.
I'd rather they took my car than poured a kettle of boiling water over my head.
>You don't want foolproof security on your car
For your average car, you want good enough security, so that there is a good chance the car is still there when you get back to it, but also if it does go missing you want to know that it is unlikely to re-appear any time soon and so the insurance will pay out.
They'll wake you up, hold the kettle over your head, and demand your keys.
Do you know how quickly some people can bolt right up out of bed and shove the creep along with a faceful of boiling water all over the back wall of the bedroom?
I'm going to love it when that happens the first time, if it hasn't already. I hope it ends up on Youtube.
This post has been deleted by its author
I always thought there were more car thefts in NI because PSNI landrovers can’t go round corners fast, or for that matter in straight lines fast, I assumed it had gone down now they use Astras and only pull out the landrovers in July.
My dad tells a story of noticing a burning car during one of the usual spots of bother back in the 70s, and ringing my nan to confirm that yes, his car was no longer parked outside her house.
Anyone trying to carry a kettle of boiling water through our house in the dark is risking a broken leg *and* a self scalding.
Besides, I challenge anyone to get the controls on that never-to-be-sufficiently-damned cooker right first time by moonlight, and the leaky kitchen faucet aerator will spray water all over them. Also: our kettle is like unto a bell. Filling it is not a silent process. God help the poor bastard if he wakes the wife before me.
A thought occurs (ow!). Why not forestall this grisly scenario that troubles you so much by simply alarming your kettle in some way?
Or replacing your real kettle with one with holes in it so the Headboiling Burglar of Olde Londone Towne ends up leaving in disgust (and possibly wet clothes)?
Or hiding your real kettle and leaving another with a snake sleeping inside it (and holes in case the burglar susses that the snake isn't venomous)?
Or hiding your real kettle and replacing it with one housing one of those disgusting plate-sized spiders, so the burglar will awaken you with his unmanly shrieks of terror? Add holes for backup fun.
Or hiding your real kettle and replacing it with one with the insulating stuff removed from the handle so the burglar will burn his hand when he picks it up, again alerting you with his shrieks of agony (bonus scalding if he drops the kettle here)?
Or hiding your real kettle and replacing it with one with a hole drilled in the bottom that you fill with a gallium plug so the burglar fills the kettle, boils it only to have the water flood all over the place?
Or hiding your real kettle and replacing it with one fitted with an internal steel reed whistle (like the ones you can get to ram up your neighbour's car's exhaust pipe) so the whole house is alerted to a headboiling in progress?
Or hiding your only kettle eg in the fridge and have one high-level kitchen cabinet rigged to drop noisy cans, small bells, whatever you have onto the person who opens it? Rig is simple on an Ikea-style cabinet. You remove the shelf and the little pin bracket thingy from each side. Drill through the cabinet so the pin thingy hole is a through-hole. Insert nail through hole from outside, replace shelf and load with light but resonant crap. Close door (reinforce latch with rare earth magnets for best effect). With door held closed, remove nail to drop shelf front and load door with crapolanch-in-waiting. Warn family.
I came up with these in about a minute and they are all doable with stuff I can get easily.
So, Stevie, how are you going to guard the iron? The waffle-iron? The cast-iron skillet? The 8" chef's knife? The scissors? The screwdrivers? The wine/beer bottles? The hair curler? The knitting needle? The fireplace poker? Etc?
I could have shot the one intruder we have had here at chez jake, but when I got down to the kitchen, where he was, instead I calmly put down my Kimber & picked up the phone & called the non-emergency police line. When they arrived, I called off the dogs & he was transported to the hospital to stop the bleeding (and bleating, I might add!), and then on to booking & jail time. Stupidity should hurt! ;-)
Dogs are Gawd/ess's gift to humanity.
"So, Stevie, how are you going to guard the iron? The waffle-iron? The cast-iron skillet? The 8" chef's knife? The scissors? The screwdrivers? The wine/beer bottles? The hair curler? The knitting needle? The fireplace poker? Etc?"
The iron is in the basement o' crap, good luck finding it since none of us have seen it in months.
Waffle iron broke and was tossed.
The scissors are always AWOL but on the off chance the bloody kid put 'em back in the drawer she undoubtedly put 'em back open with the points sticking out. If my experience is anything to go by the screaming of the pig-stuck burglar will alert us.
If he opens the cupboard with the hair care electronics in it he will precipitate a crapolanche the likes of which hasn't been seen since that mountain in Iceland blew up.
The beer and wine is in the basement: see comments re: iron.
No-one knits in this house.
We don't have a fireplace.
The etc? is a problem but I feel up to the task of defeating anyone with my own counter etc? etc?
Which leaves the 8" kitchen knife. My only hope is that he will knock over the butcherblock because he will have a leaky snake-filled kettle in one hand. I always do when trying to get a cutting implement one-handed.
In all fairness I feel you are being disingenuous. The specific fear here was the Headboiling Intruder and I have shown how to deal with him.
In point of fact anyone entering the Steviemanse will be deafened by the alarm system, designed for maximum disorientation and annoyance. Unless they have the power to ghost through walls.
Then I'm f*cked.
Our household has some that are up until as late (early?) as 6 am, and others that wake up at about 5 am (roughly). Most of the time there's no gap. Odds are high that it would end very badly for any late night 'creepers', especially if they ran into Grandpa in the wee hours (raised in the jungles of Asia, wrestles carabao, juggles knives, etc.).
Wondering about which time warp you fell through regarding locks and cars, the shitty wafer locks are long gone.
It isn't a lock problem it's a nature of cars problem, they have windows, doors made of folded sheet metal and often a fabric roof. 'Tumblers are easy to deal' what a glorious almost politician like generalisation with well lets see you deal with an Assa Flexcore with anything other than a power drill or breaking the door in question
In the UK immobilizers have been compulsory for years (and most of Europe) unless you have something very old (or shit) nobody is stealing it unless they have the keys or something that attaches to the management port and even then it's only for entry (unless they have fucked up real bad)
Even Ford started using the Tribbe system in the early 90s, yeah you can punch the lock out but the immobiliser stops the car from moving (as I suffered back in 95 but the car didn't move)
If a car hasn't an alarm then they just spread the door, it's the work of seconds, but the car is still not going anywhere (if it has an immobiliser)
Hence you end up with a house break in and potential torture (as described by another comment)
A fair example of the tools available for car entry are shown here http://shop.multipick-service.com/?language=en and you will find that the electronic options are limited to particular mfgr / mode / and date of manufacture
Well I don’t know, I'm sure I remember hearing about the South African car alarms that included flame throwers, and then you have James Bond's BMW that electrocuted would-be thieves (Tomorrow Never Dies I think, the one where he drives it using his phone), funny how the real life instance of the protection is much more scary, stupid and ridiculous than the one they thought only James Bond could have
Ahhh the old "South Africans have flame throwers" chestnut.
1. It was not linked to the alarm. It was a manual anti-hijack device.
2. It was not a flame thrower. It was gas-driven and ignited a squirt of gas (not gasoline, but actual gas) to scare off the attacker.
3. It was an experimental design that did not pass legal muster, so it certainly is not in use.
Just had a quick Google
1) Yep, manual anti-hijack device, not car alarm
2) “The Blaster was a liquefied petroleum gas flamethrower installed along the sides of the vehicle under the doors.” - http://en.wikipedia.org/wiki/Blaster_(flamethrower)
3) It was legal, but demand was low and the cost too high so it was discontinued.
""Physical access" involves tumblers and keys."
No it doesn't. Think I2C single-wire protocols. They only work when actual electrical contact is made (i.e. with the car body or door handle or a metal panel somewhere), do not transmit anything over RF (beyond electrical noise), and yet can transmit data (and power) back and forth. Then that can be used to activate car central locking.
Or, hell, even the old Ford keys (though hackable in their current form) use this. The key is a blank, really, and relies on the chip inside it to negotiate over the metal connection of the key to the ignition / door and unlock the central locking. The "key" itself does nothing but turn the lock, but there's no reason it needs to do that at all, once the communication is working (I think that was left in to make people think it was still a "secure" key... fact is that a dead key, even for the right car, is like poking a stick into the lock - no tumblers are going to move and nothing is going to open)
This has been done. Implementations of it have been hacked. But the fact is that you COULDN'T open the door without touching the car, and you couldn't tell what the car was communicating with without somehow being in the path of that electrical connection (not down the street with a radio scanner).
But people seem to want RF remote connections, despite the fact that they have to then touch the door to open it anyway.
Wish I could upvote that a hundred times over. Why, why, WHY do people see any advantage in a wireless "key" rather than a contact "key"? Same as paying more for notebooks lacking a wired network socket, I guess.
Driving a junker works well. Someone recently radio-unlocked my 12-year-old car - presumably the tech to break 12-year-old radio security is now available for less than the cost of a new key? Anyway, they couldn't find anything much worth stealing, neither car nor contents.
So why don't people have remotes for their homes to open the door? (with a key backup of course).
What has happened is over time the car makers decided to forget trying to make a car more difficult to get into and focus on making the car impossible to start without the right key.
There are two reasons why people want to get into your car, 1. Steal contents, 2. Steal car. Most people don't leave anything valuable in their car these days.
So the immobiliser has been very useful in stopping cars from being stolen. It stopped hotwiring or mechanical lock picking/bypass as the way to steal cars. But all this has done is force the car thieves to change tactics, so they now look for more hi-tech solutions (or carjack).
What seems to be the problem is there is obviously some dealership backdoors or tricks that are known about. Just like I remember hearing how you could bypass password security on laptops by connecting a few pins together on the parallel port (a reset procedure).
Those haven't ever been secure.
Apart from the issue of different available locks (as mentioned by others) there is another aspect to consider. Making a mold from a car lock will be a lot more suspicious than simply trying to pick up electronic signals using a "blackbox".
Or: "Uhm, I lost my keys and the assurance doesn't cover it, so I'm trying to make a duplicate key?"
vs.: "Yeah, coverage is a biatch these days; I can hardly get any signal here, that's why I'm standing so close to your car sir.".
This looks like a new wrinkle on an old hack. Previously, the method used would trigger all of the wireless functions that were available; unlock, disarm, open rear hatch, start car, panic, etc. This one looks like somebody has spent some time to build a device that just disarms and unlocks. Since it doesn't work on all cars, I suspect that the dodge works on a specific OEM's system and the cars that are getting broken into all have that unit installed.
The video is hilarious. The reporters, cops and "expert" are all a bit dim. All security systems can be circumvented. One layer of one type of method is not secure. A question was raised as to why the thieves in the video were only using the passenger side door. If they put 10 seconds into thinking about it, they would probably come up with the same reason that I did. If the idea is to search the center console and the glove box, it is much easier to do that quickly from the passenger side. Also, if they were observed by somebody, it might look like they were just trying to find something in their car where if they got in the driver's side and didn't drive off, it might look suspicious. The kink in the previous sentence is that at least one of the burglars was dressed in gang style clothes and didn't look like he belonged to that car. Another one got in wearing a bulky backpack. I find it strange that one car owner claims that a stack of cash and an expensive cell phone were snaffled. What? Must be for the insurance forms. What sort of idiot leaves an easily found wad of cash in their car? Most people also keep their cell phone with them. I bet the guy is hoping for a new iPhone or a Galaxy.
Having no electronic alarm that is capable of remotely unlocking the doors is a better security arrangement. Thieves are unlikely to smash a window unless some bonehead left a laptop or idevice sitting out in plain view that could be grabbed and run off with. The sound of a window getting smashed will attract a lot of unwanted attention and is not a good idea for a random search on spec. I am generally annoyed with people and their key-fob-chirp ritual. I know that it's useless and I hate the noise.
A hoodie makes someone wearing Gang style clothes? You obviously have not been following the Zimmerman trial, have you?
One of very many articles.
AC out of habit.
Junkers are the way to go. My landrover had no roof most of the time (soft top but visibility was shite with the canvas on and the fumes built up to hallucinatory levels). The seats were vinyl and there were rolls of black bin bags to sit on when it rained. The panels had been beaten out many times with a patchwork of pot rivet pieces where various branches had gone through (I was a member of the red rose off road club).
It wasn't stolen in the 3 years I ran it. Worst thing that happened was the odd bag of chips left in the back if I parked on a "way home from the pub" road.
We had been stupid enough to leave the old satnav ring on the windscreen in our old car, needless to say it got done. Funny thing was the scumbags raked through the glovebox they nicked..
SatNav 12v cable
And...a 15 year old pair of binoculars in a PVC pouch that looked exactly the right size for the TomTom unit! We never left the SatNav in the car, only took it out on days out or holidays.
Would have loved to have been there when they opened up that little bag and found a knackered old pair of bins worth about £1.50!
Thieves smashed a window to get my backpack full of sweaty gym kit, shampoo and a library book. The police said this happened all the time, and they were too busy to care about anything this minor. Some kind person handed the pack in at the library, so I got all my stuff back. The biggest hassle was getting a replacement window from a scrap yard.
The thieves also broke the ignition connection in an attempt to break the steering lock. I had to run a wire from the side lights to the ignition coil to keep the engine running, and short the starter solenoid with a screwdriver to turn the engine. I ran that car for another year and no-one asked me why I was hot wiring an old car several times a day.
I had my car stolen from Filbert Street football ground when I was in Uni (their car park was open to the public during the week).
They stole my Tesco uniform that was in the boot (why!!!??? Did they have a cashier fetish?) and all of my (home recorded) tapes - but not my parents' tapes that were also in the car. And the 15 pound stereo itself! (Again, why? It's not like anyone is going to buy that at the pub, is it?)
Thankfully the police found my car in a bad neighbourhood about 7 hours later so I still had transport. And because it was a very old Ford they hadn't had to smash anything to steal it.
The police said it was likely to be 12 or 13 year old kids who couldn't be bothered to catch the bus home. Gits.
Don't agree that cops are stupid or that ease of access explains the passenger-side attack. The cops have spent a lot more than 10 seconds examining the evidence in close up, and have probably solved hundreds of car theft cases. Attacking the driver-side would mean a longer stretch to the glove box but that is not significant in my view. And it would even give the perp more privacy for his rummaging.
"The sound of a window getting smashed will attract a lot of unwanted attention and is not a good idea for a random search on spec"
Technique used here years ago: smash window and keep walking. Go around the block and then if no one has responded to yet another alarm going off, get in and steal what's inside. I've seen it in action.
"The sound of a window getting smashed will attract a lot of unwanted attention"
No, it won't. A center punch or a piece of broken spark plug insulator against auto glass sounds nothing like a golf ball against Mom and Dad's front picture window (or a lawn dart in my case, but whatever). Realistically, nobody is going to notice if they used a damn RPG, but a quick pop along the lines of a pellet gun? If that. No way.
So carry on, all you highly successful and overachieving street urchins who like to spend their friday nights pilfering loose change, pocket lint, and old gum out of center consoles and ash trays. Somebody's got to do it, I suppose.
If nothing valuable can be found, the damage is at least much lower than if they would break in the windows. People who think that a parked car is a safe haven are IMHO part of the problem here. Same people that use "password" as their password and think they are smart.
Yes, I know, of course this lowers the risk for the burglars and makes break-ins more likely, so the existence of this device is a bad thing.
I said it before - organised crime can break through any static security, given enough time. That is, why trusted computing is evil, btw. Once the bad guys are in, you can't get them out any more.
Paranoid? No, I know they are out there, trying to get me!
I had a crappy stereo pried out of my car once. The POS cd player skipped all over if I was driving. It just gave me a good excuse to get a better one that didn't look as fancy. Getting the window replaced and all of the time to vacuum up the glass were more of a bother.
Minding where you park your car is the best first step. If there isn't a good place to park, don't. Unless you're going to hospital in an emergency or a court date, you can put off anything else.
Yes, it's still possible to get broken into even in a guarded car park, but no sense in raising the odds.
Trusted Computing is a misnomer for a system that lets The Man® into your computer without having to bother with court orders or experts. It also allows companies such as M$ punish you if you decide that you might prefer linux or some other proper OS.
For years I worked for a company in a renovated industrial loft, and had to park my old Saab in a dodgy area near the wharfs. I never left anything in it, never locked the doors -- and never once had a problem. Once or twice it was apparent that someone had opened the door and rummaged through the glove box and centre console, but there was never anything to steal, and they were always kind enough to close the door when they left.
I found it useful to save people the effort of rummaging and used to dump the contents of the glove compartment on the passenger seat when I parked ie. make it look like the car had already received a visit...
Only once did this fail, because I had forgotten about the shopping bag on the back seat which contained my wet swimming gear...
The first thing I did upon buying a used Jeep Wrangler was to take the radio out of the dashboard and place it in plain sight on the passenger seat, with both doors unlocked. I had heard of people slashing the soft top to break into Jeeps like mine, and wanted to nip that in the bud. Would you believe it took nearly four months before someone finally took that damned radio?!
Later, in the dead of a Milwaukee winter, someone helped themselves to the old coat that I'd leave in the Jeep when I went bar hopping. I'll assume that he needed that coat more than I did, as it looked like sh*t!
Yes but there is one exception to that, as a colleague found out the hard way.
He had a high-end stereo fitted that had a removable faceplate. This he had in his pocket in its little carrying case. When he returned to his car, the police were already there.
The scrotes had broken in. The police explained that around 80% of people stick the stereo faceplate in the glovebox, so they always look there. Unfortunately, of the remaining 20%, most of them lock the thing in the boot.
The damage caused by crowbarring the boot open was worth a lot more than the stereo unit.....
Similar thing happened to me - car stereo with removable control panel, so the scratters used something like a screwdriver to pry open the locked glove box only to find it contained nothing but a street map. They got nothing for their effort and I got a hefty repair bill for the steel dashboard and broken rear window (this was an old sports car, and the specialist "classic car" insurer went bust during the claim so I ended up getting 10% of the cost back).
My car was broken into three times in a month to steal the audio head unit, when parked in the Maida Vale area of London. The police, of course, had more important things to do than investigate - two of them in a van were busy telling people not to cycle in Kensington Gardens.
Why do thieves steal car radios? It's been years since you could buy a car without one, so the only cars without are those from which it's just been stolen. Many stolen units are replaced on insurance, and there's also a vigorous aftermarket sector for replacement car audio. It follows from this that there are probably more audio units than cars. I don't know what price stolen units fetch, but I should think you have to steal an awful lot of them to maintain even a moderate drug habit.
Baggie cost, at least that was how it was explained to me by some types that lived round some dodgy areas of Salford.
This is a few years back when at uni near there. But basically if they could get a fiver's worth they would buy a five pound bag of smack, enough for the moment.
They did the same with weed these guys used to sell by the ounce to students (cheaper in quantity so more sensible to buy it that way etc), but round the estates etc a large amount of their deals were not much larger than a teenth (about £7.50) and more often less than that in weight at a fiver. It wasn't just getting money together either, that was just the culture of it.
Staying AC on this one.
They're being used in Ireland too BTW, sounds like the same thing.
They basically send the codes for various cars and alarms via radio, cycling through multiples in seconds. Upgradable via USB with both new firmware and new codes et al.
A Roma gang were caught with some of them in Ireland a couple weeks ago, classed as "car key grabbers" by the cops here but they don't actually read or copy keys, rather like I said, they're programmed with same.
Anyway, the other trick used is to (sort of...) Emp the electronics temporarily (can be bought from China) then access the car via the backup normal key lock on the passenger side door normally via a hidden panel in the passenger side door handle - which might explain some of what's been reported on here.
In the mid 90's aftermarket car alarms all went to what they called 'code hopping' to stop this sort of thing. The crooks had a scanner that recorded the frequency broadcast by the fob then set the matching frequency on a variable frequency fob that sold for about $30. After that the car could be accessed at any time. The 'code hopping' tech broadcast a random encrypted frequency that stopped all this. Wonder why they stopped.
Code hopping is still around. I know this because I've ended up "fixing" someone's alarm because if you pressed the keyfob out of range of the car (or if the fob batteries run out, or if the fob's battery connection breaks and requires resoldering), the code-hop sequence gets all messed up and you have to go through a bunch of timed keypresses and alarm siren activations to reset it.
What isn't still around is the old IR keyfobs, that I've had much fun scaring (and occasionally pranking) car owners with through the use of a learning remote control.
... in Internet time, anyway, call it roughly 1985 ... a friend of mine & I applied a 10MHz digital storage scope to a simple Garage Door opener. After eyeballing the output, we managed to build a Universal garage door opener from parts in my garage. One push of a button would open most garage doors within a couple minutes. It was basically a war-dialer, but at the right radio frequency.
I learned to pick locks before I was a teenager. It's not exactly rocket science ... and a handy skill to add to your tool collection. It's not illegal, either, contrary to popular belief (nor are the tools!), unless you use the skill for nefarious purposes.
Locks are built to be opened. If you don't want it opened, don't make it openable.
Note that I'm not condoning breaking the law. I have never used what I know to illegally break & enter, nor will I ever. I'm just pointing out the obvious.
Depends on the country.
Stalin's 1930s law code outlawed both lock picking and possession of tools. AFAIK that is still in the law code of Russia and some of the ex-USSR member states till this day. Not that this did any good - all the crooks continued to pick locks with burglary, pickpocketing and other crime staying at the pre-law levels (if not even growing).
Similarly, UK, USA, etc all try to outlaw some aspects of it on a regular basis (mostly the cyberspace, not meatspace part). If my memory serves me right, there have been at least 3 attempts to outlaw the network equivalent of lock picks in the last decade - some of them successful. In fact DMCA is exactly that.
Jake, it's a big bad world out there, and, despite what your politicians tell you, different countries around the world have different laws to you.
For instance, walking around with a set of lock picks, and not being a locksmith, is called "Going equipped for stealing" and is an offence in most common law countries.
"equipped for stealing"? How fucking daft.
Do you have a plastic drink bottle in your possession? Know what a "bump key" is?
How about a hand? Know what pickpocketing is?
How about a tune up kit for your lawn-mower? Did you know that a sparkplug will shatter automotive safety glass no matter what angle it strikes it?
As a side-note, having a set of picks & knowing how to use them kinda automagically makes you a locksmith, no? I can open most house-hold doors with no more than a safety-pin & a bobby-pin. Thus, yer old mum is "equipped for stealing".
"equipped for stealing"? How fucking daft...."
Yes, isn't it? but welcome to the wonderful world that is the legal system.
I regularly carry a (reasonably) full toolkit in my rucksack to-fro work, and I use public transport (not being a car person). If I was ever searched, and the Police chose to be bastards that day, they could arrest me and charge me with the old 'going equipped' malarkey based on the contents of my rucksack, and the onus would then be on me to prove my innocence in front of a Judge/Sheriff/whatever. (Meanwhile, as I've been arrested, they'll have taken my DNA and fingerprints, and as I've been charged, my employers will have had to be informed with all/any repercussions that may entail... etc. etc. etc.) As it stands, thanks to the hysteria regarding knives, as a paranoid move in case I'm ever stopped by the Police and searched, I'd removed anything with a blade from my travelling toolkit several years ago now, but I've no doubt that if they so chose, they'd regard some of the hex/allen keys in my kit as looking suspiciously like picks... and as for the two sets of hex security bits, well, you get the picture.
"..As a side-note, having a set of picks & knowing how to use them kinda automagically makes you a locksmith, no?.."
No, you may have the technical skills to be a locksmith, but if you're not operating as a locksmith in a business capacity, wandering around with a set of picks in a public place puts you in the frame for 'going equipped'.
"..I can open most house-hold doors with no more than a safety-pin & a bobby-pin. Thus, yer old mum is "equipped for stealing"..."
Yes, it's silly, but if you (or yer old mum) had form, then possession of a safety pin & bobby pin might get you done on 'going equipped', depending on the circumstances and whims of the Police.
"if you're not operating as a locksmith in a business capacity"
But ... I am. Do you provide technical services for free?
"whims of the Police."
Should have no bearing on police action, not at this kinda level. Or have you lot brought back the "sus law"? If so, I feel very, very sorry for you.
I am pretty sure it is simply overriding the "molly guard" that stops children being locked in the car.
The gadget is a large rotating neodymium magnet mounted on a broken hard disk motor, that causes the locking mechanism inside the door to activate.
Don't remember where I read this but it makes sense, I tested it on my Mira and it worked.
(nb: this also has IR unlocking which is p**s easy to brute force)
Yeah, I've come home from work late (20 hour days) and I've locked the car, only to have my neighbour wake me at 10 the next morning to inform me that I had left the windows open! The car was parked on a residential street.
I've never had any problems. (Quickly touches wood)
On one occasion, I was working in Birmingham and I parked my car in the multi-storey next to the hotel on Monday morning. I picked the car up again on Friday evening and found out it had been sitting there unlocked! :-O Nobody had touched it.
I did that with my front door once, left it wide open for about 3 hours (I was between pubs). I can only assume people thought that because it was summer and hot I was in the house and the door being open was to keep whoever was inside cool. A number of homes have been robbed on my street, but I guess the mistaken reverse psychology worked in this case.
Not that I would advise leaving your door wide open.
They certainly are not using RF via the normal receiver and multiple codes.
RF fobs can open cars from a long distance away (mine works out to approx 100m). A crook using RF would open the car from a distance away so as to not expose himself to getting caught.
The footage of the hoodie walking past cars, then stepping back when one opens also shows the same... up close and not targeting one car.
This mechanism works by having to be really close. Perhaps it triggers the door lock solenoid. Perhaps it nobbles the microcontroller in the door... Something magnetic would be my guess.
"What sort of idiot leaves an easily found wad of cash in their car? "
When he was playing for City, Mario Balotelli was supposedly stopped by police in Manchester for "driving while black", and plod noticed he had something like seven and a half thousand quid on his passenger seat. When they asked him why he had so much cash on him, he just said "Because I'm rich."
It's hard for the man in the street to comprehend that even really, really, really rich people still actually drive around most of the time in cars that don't look that different to the standard exec saloon. But to those people, ten grand is pocket change.
...even really, really, really rich people still actually drive around most of the time in cars that don't look that different to the standard exec saloon.
Balotelli rather famously drove a Bentley Continental GT in camouflage colours with bling wheels on it. As that's verging on being the epitome of automotive bad taste, short of adding a neon sign saying "I am a drug dealer" I'm not sure what more he could have done to attract the attention of the plod....
Didn't they already show this on Numb3rs? Looks like the thieves watched the show and the feds haven't. :-D
Seriously though, given the amount of in-car systems all networked together, it isn't really surprising. There was a hack last year that got into the onboard computer via the wireless signal from the tyre pressure monitors...
In both cases the device unlocks the passenger side door and appears to disable the alarm system.....
On many systems, unlocking the door with a key activates the central locking and disables the alarm. This is certainly true of "two button" Bosch systems and probably others as well. Coded negotiation between the fob and ECU is only necessary to disable the immobiliser. It sort of makes sense, you don't want the alarm going off if you've unlocked the thing with the correct key.
My guess would be a box of tricks that manipulates the solenoid on the lock, tricking the system into believing the door's been unlocked with the key.
...I'm told it's something to do with the system called "key lock" that's been hacked completely for a lot of car manufacturers and all variants and their codes are already known and cycled through in seconds from the device.
Another trick I'm told is to use very high powered small magnets available from Maplins, on certain passenger side car doors, again around the handle, which for some stupid reason will disable the alarm and allow you to open the door.
I have friends in low places who unfortunately probably have or still do engage with this stuff.
All the cars in the video are Hondas (Acura = Honda for the USDM).
They're touching the door handle. You have to do this to activate the keyless entry system as it's passive RFID. The range is only about 18" from the door handle. Wouldn't surprise me at all if Honda (deliberately or inadvertently) put a master key code into their system and all the thieves have is an appropriately coded dongle.
They don't steal the vehicle as they still can't start it. The lockout for the engine ECU is a separate system. All they've done is pop the lock and switch off the alarm.
In my distant youth I used to legally repossess cars for finance firms, as I knew legally how to install and decommission alarm systems and locks.
This is nothing more complex than magnetics and parts can be assembled from Maplins for around £25, good parlour trick, tried it yesterday after seeing the post with family and friends' cars and works on around 40% of cars.
What I can't believe is how they are all stumped, not rocket science, look at the material your central locking system is made of Mr Sheriff (there's a hint), used it 20 years ago to open cars but parts were more expensive and not so readily available then.
On my most recent trip to South Africa I noticed a lot of posters in shopping centre carparks warning about the current favourite, which is some sort of jamming device which thieves use to stop remotes from locking cars. People have a habit of pressing the lock button on their remote while they are walking away from the car. The thief lurks nearby and presses his jammer at the exact same time, so the car fails to lock. You would think that people check that their car is locked after pressing the button, but apparently there are enough who don't for this to be a worthwhile venture for thieves. Police advice is similar to the age-old toilet seat problem: Look.
I know some UK crim types are using a jamming device.
They basically sit up in a car park / near driveway and actively jam the remote's signal resulting in cars left unlocked (apparently a lot of people don't check the car is locked or look for the indicators flashing when locking).
It's then just a case of waiting for people to walk away and hey presto - unlocked car.
It could be as simple as using a "wireless charger" inductive loop to produce a 12V pulse to the door solenoid.
It certainly looks as though you have to be very close to the car door to get it to unlock. These things have only just started being popular and I have seen a lot of people asking for them to make one for cars.
Unsurprisingly the manufacturers have no plans to make these for cars as they INDUCE VOLTAGES TO NEARBY WIRING, duh. The great unwashed clearly has no idea about physics.
Anyway. I bet you that is what it is. It will only unlock cars with central/power locking and only if they place it near where the solenoid is.
I don't know for sure why it would disable an alarm, but it probably would fry a good amount of ICs. I assume that there are mechanisms in place in ECUs to protect electronics from noise and power surges. Perhaps it has the benefit of tripping circuit protection.
I think the idea here is similar to that seen in Gone In 60 Seconds.
By sitting in a neighbourhood scanning people opening their vehicles with their fobs, the would-be programmer who developed the tool could possibly create a piece of software that brute forces the locking software into opening? Also, if you notice, there is quite a delay between presenting the device and the vehicle responding, further supporting the fact that it is possibly performing some kind of brute force entry.
On the other hand there could be someone who has taken the time to reverse engineer locking software on specific vehicles and found the backdoor (pardon the pun) in order to enter the vehicle.
I disagree, if it was the code being sent then the lights would flash and you would be able to use any door. As I just mentioned I believe it is an inductive loop "charger" jury rigged with a camera "flash" capacitor to spike a current to the solenoid. This also explains why it takes a short time to trigger, the capacitor has to charge up from the battery.
My Honda has been opened up in this way several times, according to the police. The first time it happened I just thought I'd forgotten to lock the door and the b********* who took my satnav from the glove box had struck lucky by trying the car that night. But the police told me that the thieves have a device that can open the central locking. It's happened a few times since, which is inconvenient when I've been out and about and didn't have the satnav, because I can't just leave things in the car anymore.
The cops say that the b*****s can record the signal from the key and then use it later, with some cheap device they get off the internet.
No-one yet mentioned the collision detector that unlocks all doors. For sure on older models there was a panel under the front wheel arch that could be opened, then a sharp tap inside with a small hammer would unlock all doors, a trick known to countless RAC/AA techs.
Not sure if the hazards/alarm go off at that point, I suppose they ought to?
I remember in school we fitted a lift with a magnetic switch to bypass the key. The key was given to students with mobility issues. Our mobility issues were connected with laziness rather than any infirmities.
I don't see it being possible to actuate the door locking solenoid with a magnet from the outside. Car doors are typically made of steel and all of the door lock solenoids I have come across (not too many) are oriented in the wrong plane. There would be tell-tale marks on the outside of the car from the magnet affixing itself to the door and then being run back and forth. Get a very small NdFeB magnet and try it on a car door. Now try and get the bugger off!
If the car manufacturers have fitted a simple bypass to the security system, they should be billed for the thefts. What's the point of a sophisticated alarm where all you have to do is speak "friend" and enter. In elvish, obviously.
Really? I can find similar techniques being used dating back to 2005 (and there's probably earlier ones too), where robbers were using devices that did exactly that. How does it work? Very simple.
Put the device in a car park or where the target usually parks, in a bush, with a battery.
What does the device do? Sniff all wireless packets and record them.
How does the device work? Play the recorded packets back.
How big is the device? Smaller than a cell phone. In fact, some newer phones can do it out of the box. A laptop can do it too, or a tablet.
I'm stumped that police are stumped. This is the epic fail of the day.
If the key fob and the car had a two way chat, the car could verify beyond all doubt the validity of the "open sesame" request.
1. Key fob transmits the id code
2. Car transmits back the same id code with a randomised string attached
3. Key fob passes the string through an algorithm unique to the two and transmits back the id code plus newly generated string
4. Car compares the response to the result of its calculation of the original string and unlocks.
Applying this methodology to current user passwords would also work and have the benefit of allowing for very simple 4 digit passwords.
The site can create a picture containing a sequence of randomly generated letters and numbers, all you have to do is enter the characters in the order of your 4 digit number, so a picture of "abcdefghij" and a password of 1985 would require a response of "aihe". A key logger wouldn't work and your password is now easily remembered.
Please send the royalty cheques to The Register, who I'm sure will give me my slice.
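The four-step exchange proposed in the comment above, sketched as an added example that is not part of the original thread. HMAC-SHA256 over a shared key stands in for the "algorithm unique to the two" (an assumption), and the class names, fob id and key are constructed for illustration; it shows the car rejecting a recorded response once the challenge has changed.

```python
import hashlib
import hmac
import secrets


class Fob:
    """Key fob holding an id code and a secret shared with one car."""

    def __init__(self, fob_id, key):
        self.fob_id = fob_id
        self._key = key

    def hello(self):
        # Step 1: the fob transmits its id code.
        return self.fob_id

    def respond(self, fob_id, challenge):
        # Step 3: keyed transform of the car's random string, sent with the id.
        tag = hmac.new(self._key, fob_id + challenge, hashlib.sha256).digest()
        return fob_id, tag


class Car:
    """Receiver that issues one fresh challenge per unlock attempt."""

    def __init__(self, paired):
        self._paired = paired    # fob id -> shared key
        self._pending = {}       # fob id -> challenge not yet answered

    def challenge(self, fob_id):
        # Step 2: echo the id code with a randomised string attached.
        if fob_id not in self._paired:
            return None
        nonce = secrets.token_bytes(16)
        self._pending[fob_id] = nonce
        return fob_id, nonce

    def verify(self, fob_id, tag):
        # Step 4: recompute and compare; each challenge is usable once.
        nonce = self._pending.pop(fob_id, None)
        key = self._paired.get(fob_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, fob_id + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def demo():
    key = secrets.token_bytes(32)          # constructed pairing secret
    fob = Fob(b"FOB-0001", key)            # constructed id code
    car = Car({fob.fob_id: key})

    # Genuine unlock; 'recorded' is everything a listener could capture.
    fob_id, nonce = car.challenge(fob.hello())
    recorded = fob.respond(fob_id, nonce)
    legit = car.verify(*recorded)

    # Replaying the capture with no challenge outstanding.
    replay_without_challenge = car.verify(*recorded)

    # Replaying it after asking the car for a new challenge.
    car.challenge(b"FOB-0001")
    replay_after_new_challenge = car.verify(*recorded)

    return {
        "legit": legit,
        "replay_without_challenge": replay_without_challenge,
        "replay_after_new_challenge": replay_after_new_challenge,
        "unknown_fob_challenged": car.challenge(b"FOB-9999") is not None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The id code travels in the clear in both directions, so the scheme's strength rests entirely on the shared key staying secret and the car never reusing a challenge.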
Re. comment "I have friends in low places" ... IIRC this was on "Sherlock Holmes" .
Re. solenoids, I had wondered about this method but the NIB magnet trick works a lot of the time; the locksmiths know about it and this is one of their methods for opening key-locked-in-vehicle vehicles without ruining the trim etc.
I also recall reading that a certain model of car, if you kick the bonnet in "just the right way" the airbag sensor activates and the airbag goes off, causing the failsafes to initialise and unlocking every door (!)
The problem is that this is a safety feature built into the electronics and can't be disabled without compromising the airbag function.
Other tealeaving rogues also know of methods involving a laser that "burns" the PCB located directly under the front fascia on some cars causing a similar effect.
Turns out that the manufacturers didn't consider that burning lasers might one day exist that could go through glass and still burn plastic underneath.
Yet another method involves sending a malformed RFID code that causes the controller to poo itself and guess what, unlocks. Yes, seriously, they forgot to include buffer overrun protection.
And another method which I like to call "The Drill of Doom."
A variant on the old petrol tank drilling scam, this one relies on cars unlocking the door(s) if the battery is low.
An endoscopic probe is used (about $40 or so or less if stolen parts are used) to drill several 3mm holes in the battery case, causing the electrolyte to drain.
An hour later, thief comes back to a nicely unlocked car, installs their Acme JumpStarter (tm) and off they go.
Bonus:- usually the car has a failsafe for low battery that resets the security key to "AnyKey" mode.
There is no defence against this, simply putting the battery higher up doesn't work.
About the only way you could stop this would be to add several batteries in parallel and include 100A fuses.
The even nastier variant of this is to abandon said vehicle somewhere having "liberated" the airbag, radio, electronic controllers ($800+), etc rendering it worthless even if the Police eventually recover it.
Installing a dead battery to hide the evidence ($0, from many scrapyards who are happy to be rid of them)
...that has the cops mystified, it's that the crimes are only able to disable the alarm and open the passenger's door. They can't unlock the ignition nor start the car so more than likely they've developed some cheap tool that sends a default signal to disable the alarm and unlock the pass door but nothing more. Real thieves would have the good stuff and actually steal the car not the contents. Thus these are likely to be amateurs such as teens or drug addicts without the resources to chop-shop the vehicles. They might have modded a remote control garage door opener?
A client of mine who lives in a quiet cul-de-sac in a salubrious part of north London told me that there had been a number of break-ins of cars in the cul-de-sac but the owners hadn't noticed because when they went to the cars they were still locked as they had left them.
The cars were different makes and models and the perps targeted all different price bands.
The thefts happened over several days but the residents weren't aware that it wasn't just their car that had been 'visited' and in fact often thought that they had misplaced what had been stolen. It was only when one realised that something was actually missing from their car and went to the police and then spoke to another neighbour that they discovered that they were having a small epidemic.
All the owners claimed that their cars were locked up normally at night and were still locked when they went back to them the next morning.
This was two years ago.
The police are still looking into it.