Forwarded email urges vehicle owners to lock doors manually instead of using a remote key, otherwise thieves might be able to clone the security code (a technique known as 'code grabbing') and gain entry to the vehicle.
Description: Email flier
Circulating since: June 2008
Email example contributed by J. Meyer, July 24, 2008:
Beware folks. This is news you can use.
THIS HAS BEEN CHECKED ON SNOPES
A friend's son came over yesterday - he had to go to Canada for work last week. One of the other engineer's traveling to Canada with him, but in his own car had something happen... that I need to share.
While traveling he stopped at the roadside park, similar to what we have here with bathrooms, vending machines etc. He came out to his car less than 4-5 minutes later and found someone had gotten into his car, and stolen his cell phone, laptop computer, gps navigator, briefcase..... you name it.
They called the police and since there were no signs of his car being broke into - the police told him that there is a device that robbers are using now to clone your security code when you lock your doors on your car using your key-chain locking device. They set a distance away and watch for their next victim. Since they know you are going inside of the store, restaurant, or bathroom and have a few minutes to steal and run.
The police office said... to be sure to manually lock your car door-by hitting the lock button inside the car, that way if there is someone setting in a parking lot watching for their next victim it will not be you.
When you hit the lock button on your car upon exiting... it does not send the security code, but if you walk away and use the door lock on your key chain- it sends the code thru the airwaves where it can be stolen.
I just wanted to let you know about this... it is something totally new to us...and this is real... it just happened this past Thursday June 19th to his co-worker...
so be aware of this and please pass this note on... look how many times we all lock our doors with our keys... just to be sure we remembered to lock them.... and bingo the guys have our code... and whatever was in the car... can be gone.
This came from a friend......
This is very troubling what lengths people will go to to steal what doesn't belong to them! I do almost 100% of the time lock my car on the door lock inside when I exit the car. Little did I know that is the best way to lock your car.
Analysis: First, a word to the wise. Just because an email says the information it contains has been verified on Snopes.com (or elsewhere), that isn't necessarily the case. This message, for example, is false.
Given the current state of remote keyless entry (RKE) technology, some version of the scenario described above may be theoretically possible, but it isn't a threat the average vehicle owner needs to worry about. Virtually all RKE systems use a form of data encryption adopted in the late 1990s known as KEELOQ, which, though it has been shown in experiments to be potentially vulnerable to hackers, still presents a formidable enough technological hurdle that most car thieves wouldn't even be able to attempt cracking it.
'Code grabbing' became obsolete in the late '90s
As written, the warning reads more like a blast from the past, when RKE technology was still in its infancy, than a cutting-edge informational alert. Compare it to this excerpt from a New York Times article dated July 14, 1996:
You park at the airport, remove your luggage, push the button on the key fob to lock the doors, and walk away thinking your car will be secure until you return. Think again.A similar warning was issued in a CBS News report aired in 1998:
Experts on vehicle theft say sophisticated car thieves have taken to hiding in parking lots where there is a lot of traffic, like those at airports, with high-tech recording devices. As you lock your car with the keyless remote control, the thieves record the signal that it transmits. After you leave, they play back the recording, unlock your car and steal it.
Security specialist Ed Meenan of Avital Technologies showed us how a "Code Grabber" can secretly be used to pick up the keyless remote's signal. Only this transmitter doesn't just read the frequency, it records it and plays it back!That, however, was 10 years ago. Soon after these stories were published, the adoption of KEELOQ encryption made "code grabbing" a thing of the past.
"So typically, what happens is a person will arm their alarm, which in fact does lock their doors, [and] walk into a mall knowing for a couple of hours that their car is protected," Meenan explains.
Not exactly. Now their car is defenseless to a "Code Grabber." And it's so easy to use. Armed with the electronic "code grabber," we could steal motorists' car keys right out of thin air.
While it's true that a 2007 study claimed to identify vulnerabilities in KEELOQ encryption, prompting some experts to call for improvements, others downplayed its real-world significance. "There is not a whole lot of threat to the end consumer," PGP Corp. chief technology officer Jon Callas explained to MSNBC in August of last year. "A guy with a Slim Jim is a bigger threat."
Sources and further reading:
A Scramble to Thwart high-Tech Thieves
New York Times, 14 July 1996
Code Cracking: Insecurity in the Car Lot
CBS News, 6 May 1998
Remote Keyless Entry: Staying a Step Ahead of Car Thieves
New York Times, 7 June 2001
Researchers Say They've Hacked Car Door Locks
MSNBC: Red Tape Chronicles, 28 August 2007
Microchip Technology's KEELOQ Security System Is Resistant to Recent Theoretical Code Cracking
Microchip Technology press release, 31 August 2007
Last updated: 08/20/08