Claim: Thieves armed with "code grabbers" can break into cars by recording signals sent by remote keyless entry devices.
[Collected via e-mail, June 2008]
My oldest son Mike came over yesterday - He had to go to Canada for work last week. One of the other engineers traveling to Canada with him, but in his own car, had something happen that I need to share.
While traveling he stopped at the roadside park, similar to what we have here with bathrooms, vending machines etc. He came out to his car less than 4-5 minutes later and found someone had gotten into his car, and stolen his cell phone, laptop computer, GPS navigator briefcase... you name it.
They called the police and since there were no signs of his car being broken into - the police told him that there is a device that robbers are using now to clone your security code when you lock your doors on your car using your key-chain locking device. They sit a distance away and watch for their next victim. Since they know you are going inside the store, restaurant, or bathroom, they have a few minutes to steal and run. The police officer said to be sure to manually lock your car door by hitting the lock button inside the car. That way if there is someone sitting in a parking lot watching for their next victim it will not be you.
When you hit the lock button on your car upon exiting it does not send the security code, but if you walk away and use the door lock on your key chain, it sends the code thru the airwaves where it can be intercepted. I just wanted to let you know about this... it is something totally new to us... and this is real... it just happened this past Thursday June 19th to his coworker...
So be aware of this and please pass this note on. Look how many times we all lock our doors with our remotes. Just to be sure we remembered to lock them, and bingo the guys have our code, and whatever was in the car can be gone.
I just wanted everyone I know to hear this from me. I never knew about anything like this and do not want this to happen to anyone I know, If we can educate each other on bad things happening.
Keep safe everyone!
[Collected via e-mail, August 2006]
Tonight, John and I went to Church, out to dinner, and then to the movies at Loews, on Spring Valley and Central. Apparently, while we were in the movie theatre, someone broke into our car. John's sun glasses were taken (they are going to be really surprised when they find out they were prescription!). Aside from the glasses taken and the two glove boxes open, nothing else was taken, including the home clicker. Now, here is the really odd part: there was NO forced entry into the car, nothing was broken, scratched, or removed from the outside of the car. We were really baffled as to how anyone could have gotten into the car that we had locked. The answer came from the security guard at Micro Center, who was in the parking lot talking to another man whose car had also been rifled. (In that instance, the man's wallet, keys, checkbook, and credit cards were stolen.) But there was no forced entry there either. We soon learned that thieves now have some type of high tech gadget that can monitor and replicate the key pad locking device. In other words, when we got out of the car and started to walk away, John hit his key pad to make sure the doors were locked. When it beeped, apparently there was someone in the vicinity who had one of those devices/gadgets and replicated the key lock tone and then used it to get into the auto.
If you know of other instances where this has happened, please let the NA's/HOA's know, so they can spread the word to our neighbors to be cautious in locking their car doors. If this is indeed how someone could get into our car, then you can bet that from now on I will definitely manually lock all the doors. We will never again get out, walk off, and then use that key pad to lock the car. Great invention, but obviously you have to be discreet in where you use it.
Have a great day but keep a 'heads up'!
[Collected via e-mail, November 2008]
Once again, we are approaching the holiday season and that often means a greater risk of becoming a victim of crime. We suspect that, with the current economic conditions, this year the risk could be even greater than normal. In addition, there is evidence that a new form of automobile burglary has begun to occur around the country. Thieves may be using a device that allows them to copy the signal sent out when automobile owners use their remote key button to lock their vehicles. The thief records the signal and then watches as the intended victim walks away. Then, they simply unlock the vehicle. These aren't typical car break-ins. There is no broken window, the car lock is intact. It appears thieves may be scanning crowded parking lots with some sort of device, and when they see your lights flash, meaning they've made a hit, they help themselves. The only way to avoid this type of crime is to use the car door lock button located inside your vehicle, rather than using your remote locking device. While the Tallahassee Police Department reports they are not aware of this occurring in Tallahassee, they do say that it could be occurring in those instances where victims are unclear as to whether or not they had locked their vehicles.
Origins: Automobile remote keyless entry systems (RKE) were introduced in the 1980s. They've proved to be a big hit, making it easier for the grocery-laden to unlock their cars and sparing many of the terminally forgetful from finding they've left their keys in the ignitions of their now-locked vehicles or their purses on the seats of same.
The earliest RKE systems were quite vulnerable to the sort of attack described in the warning e-mails quoted above. Their RF transmitters (usually built into key fobs) sent unique identifying codes that could be picked off by 'code grabbers,' devices that recorded the codes sent out when drivers pushed buttons on their remote key fobs to lock or unlock their cars.
However, times change and technology advances. In response to the fixed code security weakness, automakers shifted from RKEs with fixed codes to systems
employing rolling random codes. These codes change every time a given RKE system is used to lock or unlock car doors and thus renders 'code grabbers' ineffective. That form of more robust code system became the industry standard for remote keyless entry systems in the mid-1990s, so automobiles newer than that are not vulnerable to being quickly and easily opened by criminals armed with code grabbers.
It is theoretically possible for a very determined thief armed with the right technology and the ability to manipulate it correctly to snatch a keycode from the air and use it to enter a vehicle. However, the complexity and length of time involved in that process means your typical crook can't simply grab an RKE code in a parking lot and open up the corresponding car within a minute or two: the would-be thief would need specialized knowledge and equipment and would have to spend hours (if not days) crunching data and replicating a device to produce the correct entry code, then hope he could locate the same vehicle again once all the other steps had been completed. (In most parking lot scenarios, the target car would be long gone before the putative thief was able to open it.) As Microchip Technology, the manufacturer of KEELOQ brand RKE systems, noted of this possibility:
The theoretical attack requires detailed knowledge of the system implementation and a combination of data, specialized skills, equipment and access to various components of a system which is seldom feasible. These theoretical attacks are not unique to the Keeloq system and could be applied to virtually any security system.
Research to be presented at the Network and Distributed System Security Symposium in February 2011 in San Diego will demonstrate a system whereby with the use of two antennas and other specialized equipment (costing between $100 and $1,000), vehicles can be tricked into opening. However, that system requires that one antenna be within eight meters of the key and the other located very close to the vehicle. It is expected car manufacturers will devise ways to circumvent the new methodology.
Many different law enforcement agencies have observed that the overwhelming majority of automobile break-in thefts (i.e., the stealing of property from car trunks or passenger compartments) are crimes of opportunity perpetrated by people in search of items they can quickly and easily re-sell for cash. Such criminals are not wont to delay their gratification for hours or days while their code grabbers crunch numbers and work out how to keylessly open particular cars: They instead resort to quick, tried-and-true methods such as jimmying locks and smashing windows, and if they can't get into a given car easily, they'll simply move on to the next one. None of the police agencies we spoke with had ever heard of an instance of an automobile break-in theft being accomplished through the method described above.
One of the circulated versions of this warning contains the contact information for Const. Wally Henry, an RCMP officer from Sherwood Park, Alberta. Henry disclaims the story being spread in his name, saying in his voice mail message to those who telephone, "If your call is concerning an e-mail with my name attached to it, please be advised that the information in that e-mail is false, and please do not disseminate it any further."