7 On Your Side: How cars can get hacked


The biggest concern with car break-ins used to be a rock through a window or an unlocked door, but earlier this year a string of mysterious car burglaries in Southern California stumped investigators. It turns out, there were no forced entries and technology had made the crime possible. That sparked this 7 On Your Side investigation and found your car is at risk too.

Oakland resident Don Honor believes he's the victim of a car hacking. He told us, "During the night, the car had been broken into, which made me kind of angry because the car is right here in the driveway and I couldn't believe it. I know I locked it."

That same night, in Honor's neighborhood another car was burglarized.

The electronics in a key fob are complicated and sophisticated, but the idea behind it isn't. It is like a child's swimming pool game of Marco Polo. When you push the button on the key fob it says "Marco". The car answers "Polo" and then the key fob again says "Marco" and that's when the car unlocks.

Finney: "So what do you think is happening?"
Honor: "I think someone has some sort of mechanism that can electronically trigger the device."

7 On Your Side first alerted you to this safety issue in May when some thieves were caught on camera. That was when we got our first good look at car hackers in action. Using a hand held device, they broke into multiple cars in Long Beach, leaving police stumped and confused.

"The Long Beach Police Department has reached out to numerous organizations, even international organizations. They don't know what it is, they have no idea," said Long Beach Police Det. Joe Starbird back in May.

We asked at that time if these cars were hacked.

Dan Kaminsky, a San Francisco-based professional hacker and entrepreneur replied, "Well, in a literal term, yes. The cars were hacked." He also predicted more car hacking in the future and it appears he was right.

Steven Doi's car was recently hacked in Corona, California. His dash cam caught a person in front of the car. Now, for the first time, we get a close up look at one of those handheld mystery devices that unlock the cars. It is a box about the size of a couple of decks of cards.

"I was like, 'Whoa!' You see this guy walking back and forth in front of the car. Sure enough in the video you can hear the car lock go 'buh,'" said Doi.

The thief made off with $3,000 worth of electronic gear. And that brings us to professor Christof Paar who is a security researcher with the University of Bochum, Germany and the University of Massachusetts Amherst. He says car company security engineers are working in secret when designing security systems and that is actually part of the problem.

"The old model that the car industry is still widely using is called 'security by obscurity'. It is only secure as long as the bad guys don't know how it works," said Paar.

With computer security, nothing is obscured. The bad guys know how security systems work; they just can't get to the codes or keys. With cars, once the system is known, the codes and keys, the professor says, can be easily found.

"Often it is only a matter of reverse engineering the system, knowing how they work, and once you know how they work it becomes very easy to break," said Paar.

Long Beach police have identified an electronic testing tool as the mystery device used to unlock vehicles and they are not releasing any details. Security experts I have spoken with are not so sure, believing instead that hackers from around the world are developing multiple devices.

So where does this leave you? At this point, the best way to protect yourself is to remove valuables from your car.

Copyright © 2024 KGO-TV. All Rights Reserved.