7 On Your Side Investigates: Key fob car thefts


Some thought this was a brand new crime and a crime isolated to Southern California, but my investigation found its not and it isn't even what it appears to be. These cars aren't only being burglarized, they are being hacked.

Surveillance video shows two car burglaries underway. At a car on the right the thief presses a button on some sort of handheld device. The dome light comes on, the alarm is silenced, and the door unlocks. Then at the car to the left there is another criminal, another handheld device, and another burglary.

"The Long Beach Police Department has reached out to numerous organizations, even international organizations. They don't know what it is, they have no idea," said Long Beach Police Det. Joe Starbird.

Why? This isn't supposed to be possible.

Modern car security systems are equipped with rolling codes similar to those used on garage doors. Every time the fob button is pressed, a new code is sent. So even if a criminal with sophisticated scanning equipment detects and steals the code, it does them no good because the code changes with every push of the button.

"We've shown this video to experts in the field and everybody right now, they don't know what it is," said Starbird.

It is this handheld device. The crime, I find, has been seen internationally. A Netherlands-based security website discusses rolling codes being thwarted. But on the site no one knows how. A search of ABC News archives finds a similar incident in Chicago during September 2012.

Michael Shin's home surveillance system catches the thief in action.

"He walks past my car, the dome light comes on and he kind of stops in his tracks and walks right into the car," said Shin.

The Bay Area is not immune to this type of crime. A series of similar car burglaries were reported in Oakland in early 2011. A couple months later, another series of burglaries happened, this time in Palo Alto. So the Southern California burglaries are not the first, but they are the most notorious.

In Long Beach they are stumped. They simply have no idea what's going on, but here in San Francisco's Mission District they do.

Dan Kaminsky: "Cars are mobile computer networks now. Your engine talks to you, your tires talk to you, your dashboard talks to the rear lights in the back. Everything is a huge network. Everything has gone high tech including your vehicles."
Finney: "Were these cars hacked?"
Kaminsky: "Well, in a literal term, yes. The cars were hacked."

Kaminsky is a professional hacker and entrepreneur. He says separating the cars that were hacked from those that weren't will allow me to figure out which locks have the vulnerability.

"There were Jeeps, there were Mazda's, I think one was a BMW and the victims when we talked to them told us, they were positive they locked the car doors," said Starbird.

Surveillance video of the Long Beach thieves show they were unable to unlock a Ford Escape and a Cadillac. So we asked automakers for the names of the companies that provide their locks. They won't tell us. Kaminsky says the ball is in their court.

"The vehicle manufacturers can figure this out," said Kaminsky. "In this case, they're going to look at all the cars that did get broken into versus the ones that didn't and say, 'What's the piece of hardware in common? OK, this is the thing they broke.'"

I believe I have found the supplier of the locks that have been hacked, but without cooperation from the car manufacturers I cannot be certain. So I am passing this report along to the Long Beach police and I'll let them take it from here.

The take away for you is to never leave anything of value in your car. These thieves weren't looking through the car window for items, they were opening doors that unlocked.

Copyright © 2024 KGO-TV. All Rights Reserved.