A car theft ring that used fraudulent software to “hack” and steal vehicles with remote keyless entry and ignition systems has been dismantled by the French National Gendarmerie, Europol announced on Monday.
“The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away,” the EU law enforcement agency said.
“The criminals targeted keyless vehicles from two French car manufacturers. A fraudulent tool – marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob.”
Software developers arrested
Europol says that 31 individuals have been arrested and that among them were the software developers, resellers of the software, and the actual car thieves who used the software to steal vehicles.
A report by the Agence France-Presse (APF), carried by French news outlets, says that the thieves bought from the resellers tablets, software and connectors, which allowed them both to duplicate vehicle keys and to program blank keys without having the original, and to modify the embedded systems of many vehicles.
The organization sold this digital attack kits online. The Gendarmerie did not share the URL of the website but said that that the (now shut down) site registered 53,000 connections, which were possibly attempts to reprogram keys.
The law enforcement agencies did not share how the crooks managed to install/connect this malicious automotive diagnostic solution to the targeted vehicles, so they could replace the vehicles’ software and make their duplicated keys could work. It’s possible they paid someone to do it covertly at car dealerships, mechanic shops, or any other place where vehicles are left unattended for short or long periods.
All in all, 31 individuals have been arrested so far. The French Gendarmerie had help from Europol and Eurojust, as well as the Spanish and Latvian police (two suspects are from Spain and Latvia).
This is not the first time that crooks find ways to steal cars that can be opened remotely with key fobs, and it won’t be the last.