More like this

Security

Manchester car park lock hack leads to horn-blare hoo-ha

Shoppers left deafened and bewildered by botched radio jamming incident

car hacking

Vehicles across an entire car park in Manchester had their locks jammed on Sunday as the apparent result of a botched criminally-motivated hack.

No one at the Manchester Fort Shopping Park, in north Manchester, was able to lock their car's doors on Sunday evening as a result of the attack by persons as-yet unknown.

Manual locking still worked, of course, but even then boots were still unlocked in some cases, leaving motorists little option but to wait by their cars. In addition to leaving cars open, the bungling thieves set off multiple alarms.

Someone was jamming the signal to every car in the car park creating chaos in the process, as a video clip uploaded to Facebook illustrates. The attack was probably carried out using a £30 jamming device bought over the internet. Such devices have been the subject of recent police warnings via local paper the Manchester Evening News.

Thieves jam radio frequency signals using the device so that when a mark attempts to lock their car with a remote fob, the signal is lost and the car doesn’t actually lock, leaving thieves free to plunder its contents. The same devices allow crooks to bypass car coding and re-program vehicles before driving off in them. Evidently, last Sunday things went hopelessly awry.

"It was very eerie and there were so many confused people trying to lock their doors to no avail," eye-witness Autumn DePoe-Hughes, the woman who uploaded the Facebook video, said. "Someone else had complete control over all of our cars for well over half an hour."

DePoe-Hughes – who said as far as she know nothing was taken and the incident was not reported to the police – gave El Reg a fuller account of the confusion caused by the incident.

We were there for at least a half an hour and according to people around us, it had been going on before we got there. It was continuing as we left, so I don’t know how long it continued on.

The mall was closing up for the day and we had no way to secure the boot (trunk) of our car, so we left. We were unable to lock the car with the fobs throughout our time there and the same happened to those around us, including one very confused mother.

I went around speaking to people and they all confirmed that they could not lock their cars and couldn’t figure out what was going on. They all thought their cars needed to be repaired.

The incident has all sorts of implications. If thieves steal something from a car using the tactic then they won't have to go old school and force open locks. That means that victims will be left with a harder job to claim for their losses against car insurance because it will be difficult to prove they locked their car prior to the theft, leaving insurance firms free to deny liability.

Ken Munro, a director at security consultancy Pen Test Partners, a security researcher who has investigated aspects of electronic car insecurity in the past, said electronic jamming devices were probably behind the incident.

"It’s basically the opposite of the amplification attack carried out against keyless entry cars," Munro told El Reg.

"There have been a spate of thefts reported which appear to be linked to devices used to amplify the signal from your keys whilst in your house. The car unlocks outside on your drive, as it thinks the key is now within range, the thief gets in and drives off."

The mis-firing Manchester car park attack applies the same carjacker technology to a slightly different, equally malicious end.

"This attack is more about jamming the radio signal from the keyfob to the car," Munro explained. "Jammers are readily & cheaply available online from overseas sources, though even possession may be illegal, depending on the country you’re in. It’s also fairly easy to make a jammer from components available at electronics shops."

"If one can jam the signal, the user can’t lock the car, so the thief may be able to jump in and steal it. Some vehicles allow keys to be programmed from the on-board diagnostics (OBD) port, which the thief has access to once inside the car, though this varies," he added.

The whole Manchester car park horn-blare omnishambles raises wider questions about the security and reliability of electronic door locks.

"Manually lock your doors or make sure you see/hear the locks lock," DePoe-Hughes advised. ®

Sponsored: The Nuts and Bolts of Ransomware in 2016