How are these car burglars hacking keyless remote locks?

Yes they use solenoids.
I thought of this but it won’t work.
You have two wires to the solenoid. Call them a and b. At rest both are connected to ground. Go to lock the car wire a is energized for a moment and since b is grounded the solenoid energizes and pulls the lock to the locked position. Go to unlock b gets energized, a is grounded so the solenoid magnetic field is reversed and the lock is pushed to the unlock position.
Here are the problems with your theory

  1. How do induce voltage in just one wire, not both? They are side by side in the harness. Voltage in both wires = no current flow.
  2. How do you get the voltage in the unlock wire and not in the lock wire?

First of all, it would be nearly impossible to hack a proper cryptographic keyless entry system. But I’ve never heard of any keyless entry system using proper cryptographic techniques. It’d be a lot easier to hack a rolling sequential code system.

Second, as others have already pointed out, some of these cars might not have been locked in the first place. Even aside from jamming, there are always going to be people who just plain forget to lock their doors.

Third, it’s not at all remarkable that somebody can walk through the parking lot, push a button on a handheld device, and cause the car to unlock. That’s exactly how the system is supposed to work, after all. Maybe the thieves have just somehow gotten ahold of the actual OEM fobs themselves-- Picking pockets, maybe, or grabbing one that accidentally got left on a restaurant table, or pursesnatching, or whatever.

Fourth, there are almost certainly backdoors. What does the repairman do if your fob gets broken? There has to be some other way to get in, or to attune a new fob, or whatever. Maybe the thief has a buddy who used to work at a dealership, and gave him the equipment the dealer uses to do that.

I think if the owners had lost a key it would be realized that that is what has happened, yet the police claim to be baffled. As far as repairmen and a backdoor, what happens if a key is lost is you mechanically open the door, perhaps using a slim jim, then go through an involved procedure to shut off the alarm (while it’s alarming the whole time). You can then link a new OEM fob to the car by putting it in the ignition and following another involved procedure, and there is no dealer shortcut for this, so linking a new key to the car involves FIRST gaining access to the interior of the car, Obviously none of this is what’s happening.

With the BMW security flaws, once you gained access to the OBD port inside the car you could program a new key from a blank, which you weren’t supposed to be able to do without the old key. You still have to use that device I linked to earlier to get into the car.

These cars aren’t being stolen, though, they’re just being rifled through. While the device is an intriguing mystery, it doesn’t seem to me to be all that much different than a normal smash-n-grab. A way to bypass the immobilizer systems and actually drive off with a newer car would be a big development in the car theft arena, but this isn’t so much.

Actually replacing a key is apparently even more involved than I said. My brother tells me that he lost his valet key (a special key that only does two things - open the drivers door and work in the ignition). He asked the dealer if they could order a new one. They told him that they would have to order a whole new set of keys because programming one new key would disable all of the old ones. So if someone did somehow manage to link an OEM key to a car, all of the other keys would be disabled; something the driver would be sure to notice. This may not be true for all makes but my brother drives a Honda which is the make mentioned in the article as having been broken into.

But we don’t know that for sure. All we know about are the ones that were rifled through. It’s possible that some have been stolen that way and it was assumed that they were hauled off on a flatbed.

But if it is true that they aren’t being stolen with this method that raises the question of why. If all they’re doing is unlocking a door and disabling an alarm without making it possible to actually start the car then that in itself is a clue and may indicate that they’re doing something other than hacking the security software.

I’m leaning towards the idea that they’re jamming the locking signal and the cars were therefore never locked in the first place, and that the police are mistaken that there is some device involved at the actual moment of breakin.

Wait a minute, it appears to be easy to program a new fob using instructions in the car manual or found on-line, from what I can see googling around. People do drop cars off for repair work, cleaning, etc. and leave their keys. It would be easy for someone to get your address from papers in the car, and program a fob to open the door.

And that would also explain why they’re not driving away in the car, not to mention this is happening at home addresses apparently.

How is this stumping to the police or security experts?

This is ridiculous. It’s far easier to pick a lock than it is to hack a remote entry system. Here’s a guy who did it in under 20 seconds

Because, as has been said repeatedly in this thread, it is NOT that easy. You need to already be inside the car to do what needs to be done to reprogram a key.

Yes, and as I mentioned it could be taking place anywhere where people do have access to the inside of your car, such as repair shops, cleaners, etc. Or maybe it’s someone at work who grabs your keys off your desk and borrows them for a few minutes. There are lots of opportunities here.

That does sound very plausible. The only potential pitfall there is that when you add a fob, all the other existing ones have to be reprogrammed. So if the victim had two fobs, the spare one would quit working. But, hey, those stupid things quit working all by themselves just fine.

Correct. And it may be something like that, but remember that the police and security experts are stumped. Surely they would have thought of this explanation and checked with the victims to see if they had any repair shops, etc. in common.

Of course it could be that these are unrelated incidents that they’re mistakenly lumping them together because they appear to be similar. And it could be that the occurrences of this kind of "mysterious break in aren’t really on the rise but that the appearance that they are is simply due to an increased use of security cameras.

But the scenario in this video doesn’t fit too nicely into that hypothesis. We see two different vehicles being broken into right next to each other in the same driveway. Of course they could belong to two members of the same family, but how often do two family members get both of their cars repaired on the same day at the same shop? And if they did, wouldn’t the police have determined that? And would the thieves clever enough to do this be dumb enough to clone both cars of the same family and then rob both of them simultaneously? That’s like pointing a neon sign at yourself.

And all of this is being done apparently for petty theft? It’s not like a lot of people keep their life savings or their expensive jewelry in their car.

Umm that isn’t a flaw. You have to be able to reprogram keys to a car where all the originals have been lost.
The alternative would be to throw the car away.

Good points. Now I’m stumped!

That’s a big part of why I think the “car wash dude cloning fobs” theory is more likely than the “new high tech hacking tool” one. Cloning a fob is not difficult and I think it’s quite possible that there’s some not-too-bright criminal doing it who’s simply been lucky nobody’s put two and two together thus far.

Ah, yeah, reading a little more on that they were indeed using the same tool a dealer or locksmith would use to reprogram the ECU to the new key/fob. I was thinking there was some way they were reprogramming the keys without the tool. The flaw really was that the motion-sensor couldn’t “see” the driver’s window or the OBD port, so the thieves could break the window and plug in their tool without the alarm going off. Plus they were keyless models, so no need to replicate the actual physical key or change the lock cylinder.

And how does the car wash dude know where all of these people live?

Hmm. Maybe their registration is in their glove compartment! All of the break ins discussed in that video and article apparently occurred with the vehicles parked in or near the owners residence. That may be because the break ins are done at night, or it may be that they aren’t random cars and the fobs have been cloned.

But if so, it’s not just one car wash dude, since the article mentioned this happening in several different areas of the country.

And of course, again the big objection to this kind of theory is that the police and security experts surely would have ruled out something so obvious before declaring themselves stumped. At least I hope that they would have.

And there’s also the issue of these break ins always occurring on the passenger side, as if that is somehow necessary to the process.

I wish we had more information, such as how many of these types of break ins have occurred, and did they always occur at the owner’s residence.

Dealers are not the way to go here, if you have the time. Online sites for replacement tech keys are much cheaper. The newest issue of Consumer Reports has an article about doing this.


I really don’t think much about the tricks of just breaking into a car. My other posts were concerned with driving off with the car. If someone wants to get into a car to steal items, the only tech he needs is a rock.

The way the modern automotive industry works, most parts are purchased from suppliers. For a hidden electronic system (like a door-locking mechanism) there are probably only a handfull of different systems available. It’s possible that one of these systems has a flaw which theives have learned how to exploit. If I was investigating this, I’d want to see a list of which car models seem to fall victim to this sort of attack, and then see if the same supplier made the door locking system for all of them.

This happened to me just last night.

About 8 months ago the same thing happened, the car was broken into and the work laptop and my Cell was stolen overnight with no damage to the car at all. Now I couldn’t be positive that I’d locked it but I was sure I had. I put it down to poor judgement and bad luck however the police did say that a few other cars had been broken into in the street just over in the same manner, no damage at all. The police believed that jammers were being used then.

Since the last time I lock the car with the remote and make sure that it’s locked physically by checking all 4 doors and I don’t keep valuables in the car anymore.

However this morning I unlocked the car and got in as usual to find the glove compartment down…Once I started the car the computer told me that the passenger door was open and the boot (trunk) as well.

I’m going to get CCTV now to catch them in the act.

And it’s expensive as hell, too. I lost my keys a while back and had to get new fobs for both my car and SWMOS’s, as well as the house alarm. 630 clams for the cars and another 125 for the house. Grrrrrr…:mad: