The National Insurance Crime Bureau has warned of a keyless entry hack that thieves are using to break into vehicles.
Reports surrounding the so-called “scanner boxes” have circulated for more than five years, after victims began finding their locked vehicles cleared of valuables but without any indication of forced entry. Surveillance footage later showed thieves using a mysterious small box that appeared to remotely unlock the vehicles.
“Our law enforcement partners tell us they are seeing this type of criminal activity and have recovered some of the illegal devices,” said NICB president Joe Wehrle. “Unfortunately, some of these devices are available on the internet.”
The organization recommends always locking vehicles, closing windows and concealing “tempting items” such as navigation systems or cellphones.
Full details surrounding the thieves’ tools remain unclear — if the police know how it works, they aren’t divulging the information. Most key fobs transmit a “rolling” code that changes each time the button is pressed, making a single transmission useless if it is simply recorded and repeated.
Researchers in 2007 claimed to have discovered a vulnerability in the “KeeLoq” algorithm used by automakers to encrypt the code for anti-theft keys. They theorized that the exploit could be used for a ‘sniffer’ that detects a key fob transmission and quickly determines a working code that can be retransmitted to unlock the vehicle.
The KeeLoq cipher is said to have been used by most major automakers for several years, though it is unclear if the latest key fobs have switched to a different cryptographic algorithm with a higher level of security.
The vulnerability identified by the researchers relies on receiving at least one transmission from the key fob for each specific vehicle, suggesting drivers may be able to protect their valuables by manually locking the doors.