Connected car key fob stealing device found can unlock/steal 50+% of cars tested

MysteryDeviceInfographic-PhotoVersion-Final-11316It has been discovered how connected car break-in technology is being used to not only unlock and open vehicles, but to also start and steal them by NICB (National Insurance Crime Bureau). A device captures the key fob signal, then the signal is transferred to a key fob-like device that can open the door and unlock the car. Previously, the device was called the “mystery device.” Generally two thieves work the device, when the car owner uses the key fob, the signal is saved and then the second crook uses the signal replicator to activate car functions such as opening the door and starting the vehicle.

The fob signal capture needs to be very close to the key fob. We at AUTO Connected Car News think the best way to avoid key fob capture is not lock the car with the key fob but put the door lock button down before closing the door. Therefore thieves don’t see a key fob and also can’t capture the code.

NICB recently obtained one of the so-called “mystery devices” that are seen on security cameras across the country. In recent months, NICB has noted reports of thieves not only opening the vehicles, but also starting them and driving away. NICB notes that a car valet could easily capture a key fob signal and if the registration with address on it is in the car go to your home address to steal the car.

The device obtained by NICB was purchased through a third-party security expert from an overseas company. It was developed by engineers in an effort to provide manufacturers and other anti-theft organizations the ability to test the vulnerability of various vehicles’ systems. Called a “Relay Attack” unit, this particular model only works on cars and trucks that use a keyless remote and a push-button ignition.

The device captures the key fob signal. Then the key fob relay box transfers the signal to so side relay box. The side relay box unlocks the target car and when inside the vehicle can start the engine.

In a series of unscientific tests at different locations over a two-week period, 35 different makes and models of cars, SUVs, minivans and a pickup truck were tested. We partnered with NICB member company CarMax, because they are the nation’s largest used car retailer and have nearly every make and model in their inventory. Tests were also done at a new car dealership, an independent used car dealer, at an auto auction and on NICB employee vehicles and ones owned by private individuals.

The NICB was able to open 19 (54 percent) of the vehicles and start and drive away 18 (51 percent) of them. Of the 18 that were started, after driving them away and turning off the ignition, the device was used to restart 12 (34 percent) of the vehicles.

The vehicles were tested to see if it opened the door, started the car and drive the car as well as turn off and restart the engine without the original fob present.

NICB reports different devices are offered for sale to thieves. Some use different technology and may work on different makes and models and ignition systems. More expensive models may have a greater range and better capabilities for opening and starting a vehicle.

“We’ve now seen for ourselves that these devices work,” said NICB President and CEO Joe Wehrle. “Maybe they don’t work on all makes and models, but certainly on enough that car thieves can target and steal them with relative ease. And the scary part is that there’s no warning or explanation for the owner. Unless someone catches the crime on a security camera, there’s no way for the owner or the police to really know what happened. Many times, they think the vehicle has been towed.”

Wehrle says it’s important for law enforcement officers to be aware of this threat and be on the lookout for thieves who may be using the technology.

According to NICB’s Chief Operating Officer Jim Schweitzer, who oversees all NICB investigations, vehicle manufacturers must continue their efforts to counter the attacks on anti-theft technology.

While there may not be an effective way of preventing this kind of theft at this time, NICB advises drivers to always lock their vehicles and take the remote fob or keys with them. Drivers should also be on the lookout for suspicious persons or activity and alert law enforcement rather than confronting a possible thief.

It’s also a good idea to never invite a break-in by leaving valuables in plain sight. And once thieves get inside, they can easily steal a garage door opener and valuable papers such as the vehicle registration that could lead them to your home. So take the garage door opener with you and take a picture of your registration on your cell phone rather than keeping it in the glove compartment.

This hack is different from the Nick Bilton, signal amplifier hack, where the signal of the key fob is amplified to open car door to steal expensive goods inside the car.


1 thought on “Connected car key fob stealing device found can unlock/steal 50+% of cars tested”

  1. Seen on the news tonight the fob signal was stolen by following the car owner with a large signal receiver as the owner walked away from the car. The large signal receiver captured the fob ID that could then be used to unlock and start the car. Seems placing the fob in a small metal box (Faraday cage) before departing the car would suppress the fob signal and make it impossible to be captured by the car thief. Or we could go back to old fashion door and ignition key locks on our cars.

Comments are closed.