How are these car burglars hacking keyless remote locks?

What model was it? Do you know the models of the others that were broken into?

Maybe someone should sell key insurance for a couple bucks a year.

I just purchased a Dodge Ram and with the purchase comes a year subscription to Uconnect. Uconnect is able to send an unlock request to my vehicle via a cell phone app or from a web browser. I believe Uconnect is powered by Sprint. I think this is going to be the weakness.

Would like to know more about the security they use for this.

You can hack into wifi signals, cell phone signals, CB signals etc. Could a savvy thief hack into a fob signal as the door’s being locked?

These systems use “rolling” codes, so that the code to unlock the door changes each time. Having the code from the previous time doesn’t (hopefully) help.

But the people who write the firmware for these systems aren’t perfect; bugs happen, shortcuts are taken, etc., and on some systems, after recording a few codes, the “pattern” can be figured out and a legitimate code can be faked.

Sometimes these systems are more like security theater than actual security.
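Added example, not part of any post in this thread: a minimal sketch of the rolling-code idea described above, showing why a recorded code is useless once the receiver has moved past it. The HMAC-SHA256 construction, the 16-press look-ahead window and the sample key are assumptions chosen for illustration; real fobs use their own (often proprietary) schemes.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed look-ahead: button presses the car may have missed


def code_for(key: bytes, counter: int) -> bytes:
    """Fob side: derive the one-time code for press number `counter`."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    return mac[:8]  # truncated, as a short radio frame would require


class Receiver:
    """Car side: accepts only codes for counters it has not yet passed."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0  # highest counter accepted so far

    def accept(self, code: bytes) -> bool:
        # Only counters strictly ahead of the last accepted one are tried,
        # so any previously seen (recorded) code can never match again.
        for c in range(self.counter + 1, self.counter + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(self.key, c)):
                self.counter = c  # resynchronise to the fob
                return True
        return False


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    car = Receiver(key)
    results = {}
    results["press 1"] = car.accept(code_for(key, 1))
    results["replay of press 1"] = car.accept(code_for(key, 1))
    results["press 2"] = car.accept(code_for(key, 2))
    # Fob pressed out of range five times (3..7); press 8 is inside the window.
    results["press 8 after missed presses"] = car.accept(code_for(key, 8))
    results["replay of press 2"] = car.accept(code_for(key, 2))
    # Counter 40 is beyond 8 + WINDOW, so the car refuses it.
    results["press 40 (outside window)"] = car.accept(code_for(key, 40))
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The protection rests on the key staying secret and the code being unpredictable from earlier ones; a scheme whose codes follow a guessable pattern fails in exactly the way the post above describes.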

I read an article on making a GPS using a Nintendo DS and a salvaged OnStar receiver, which I was reminded of while reading this thread. I know that OnStar can unlock your car doors for you, so I wonder if, instead of hacking the key fob, they are hacking the OnStar or whatever system the manufacturer is using? To be honest, I don’t know if other manufacturers have a similar system to OnStar.

I just saw this video (or one on the same topic) and have a guess on how. I think they are tricking convenience devices (like OnStar or such) by using a “microcell” in a box that pretends to be the cell tower for the cellular-based communications for the convenience device, and that also contains a fake online server/service provider that the convenience device expects to communicate with. When the microcell is close enough to the car, the convenience device, seeing the microcell as a stronger signal, connects to the microcell. One of its first tasks would be to update the network address it gets from the new microcell connection in the online service’s database; it’s now talking to a fake online service in the box with the microcell. Once the microcell box confirms the address update, it likely follows that with a request to unlock. If all of the authentication of the user when calling the online service call center or using the remote app happens on the online service’s servers, and the command sent to the car is just the command with no other validation when the command is received, it would just unlock, since it trusts the online service that it thinks is the correct one.

I think the convenience service designers figured thieves would be targeting the car so the authentication would be the key itself to start it rather than targeting what people are leaving in their cars.

I know this thread is a little old. I agree that it is unlikely that cars with standard key fobs are the ones at risk here. I think it is related to the newer “always connected cars.”

In the original article, it says that the police are baffled and are looking to the public for help. If the break-ins were only occurring with cars with OnStar (or similar) systems, I’d think the police would have noticed that and would have mentioned it if they truly want help from the public. In any case, I would hope that OnStar-type systems would be encrypted to prevent the type of attack you described.

I’ll pass this along for the young-uns:

The first “Remote Activated” garage door openers did not use radio transmitters - they used, essentially, tuning forks to produce a sound wave (too high for human ears) which the opener recognized.

Burglars would get a clicker and drive down the street, clicking away and see if an interesting-looking door opened.

In the late ’80s I lived in an apt complex which still used audio clickers to open the gate. This was Salinas, but even there, I’d expect a bit more sophistication.