Feeds

Police 'stumped' by car thefts using electronic skeleton key

Appeal for the public's help

Choosing a cloud hosting partner with confidence

Police in California have admitted they are baffled by a series of car thefts where robbers use a small hand-held electronic device to unlock supposedly secure car-locking systems.

"This is bad in the sense we're stumped," Long Beach deputy police chief David Hendricks told NBC. "We are stumped and we don't know what this technology is."

The police force has taken the unusual step of releasing video of two recent car break-ins in the southern California town by robbers using the device, which resembles an electronic key fob. In both cases the device unlocks the passenger side door and appears to disable the alarm system, allowing the thieves to rummage through the car but not drive it off.

Hendricks said that the force has been in discussions with car manufacturers and mechanics to try and find out what the device is, but so far have had no luck and are appealing to the public for information.

"This is really frustrating because clearly they've figured out something that looks really simple and whatever it is they're doing, it takes just seconds to do," said security consultant Jim Stickley. "And you look and you go, 'That should not be possible'."

Cracking electronic car keys is perfectly possible. Back in 2011 a Swiss team of researchers opened and started cars from eight different manufacturers using inexpensive hardware.

The team positioned one aerial next to the target car and another within eight meters of the car key itself. By transmitting data between the two using both wired and wireless communication the car could be unlocked and disarmed.

More recently, El Reg reported last year on a $30 kit that can be used to hack cars using the On-board diagnostics (OBD) computer system. The system was being used in Britain to scan and copy key fobs for high-end BMW vehicles.

This latest device looks like it could be somewhat similar, but it's not known if the car thieves staked out the two robbed Long Beach cars in the police video to copy their owner's keys, or if this new device is the car robber's dream: a universal access key that works on most models.

California police have advised motorists to empty their car of all valuables at night – including garage door openers that could be used to burgle a property. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.