Someone recently sent an email to our local neighbourhood and it went something like this:
We live at no 123, and I thought it was worth sending an email as my car was broken into last night on our driveway. My husband’s car was also broken into on our driveway the other night.
Both times, the burglars managed to open the car without forcing the locks. They stole my husband’s satnav out of the glove box and were clearly looking for the same in my car as my glove box was left open (I don’t have satnav!).
We reported both incidences to the police but wanted to let everyone know so that you can protect your cars. We believe that the burglars broke into the cars by locating the keyless car keys in our house and using the signal from our own keys to open the car doors without force or setting off the alarms. The best way to prevent this (according to google) is to keep your car key fob (and spares) in a tin, like a biscuit tin, as the signals can’t get through. We’re no experts on this, so we recommend that you look up Faraday cages on the internet. A good test is to put your keys in the tin, sit in the car and if it won’t start with the keys in the tin then it should make it difficult to scan for the signal from the key fob.
Wow, is this really a thing?
So, let’s just think about this for a second, and see if it is possible. Well, technically, there are ways people can unlock and even start a car without holding a remote, well known for 4-5 years. There are specific attacks for some cars such as Volkswagens and BMWs. There was even a physical proof of concept demonstrated in late 2017, that enables a person to open your car and even start it – as long as they have ‘reasonably close’ access to your keys.
This last PKE attack works by having one person be close to you and your keys (eg standing beside you in a public space) with a special radio scanner that sends a standard signal to your keys which asks them to start transmitting their encoded signal. They transmit this signal to another radio a few hundred metres away (theoretically) to someone else who is beside your car. The car receives the radio signal and the door can be unlocked and/or car started. It is essentially making your remote fob ‘long range’
So, let’s be clear that it works on certain cars only, the users will need to know which car is yours, and your car has to be of the type that is fully ‘passive’… ie you don’t have to press a button on the remote to unlock.
But… using the principles of Occam’s Razor, which very loosely says “the simplest scenario is probably the one used”, do we really think some criminals in a country of 5 Million people would bother to do the research, build some specialist radio transmitting equipment, work in pairs to steal a $100 navigation device with the possibility of ending up in prison?
NZ petty criminals are just not that smart to get the gear, work in pairs and use it here. Also, if they really had access to this equipment, they would have started and driven off with the car, not just taken some trinkets. If they had the tech, they would be concentrating on slightly more expensive luxury cars wouldn’t they?
So, what really happened?
Here’s what is more likely to have happened. In almost all cases of ex-car thefts there will have been something of value visible in the car… eg the satnav/ipod wasn’t actually in the glovebox. Most criminals work on opportunity, they won’t spend time to rummage though a car unless they know there is at least one thing that is worth their time. If the satnav was actually hidden, the other possibility is someone watched them take the satnav off the window and put it away.
These are the most likely methods were used to break into the car (in this order):
- The car was already unlocked. Hey, we often forget eg when we grab something out of the boot and forget to press the lock button on the car or fob again.
- They used the standard ‘stiff wire though the door trim’ method to pull open the lock (or the window might have been down slightly). You may not realise, but although many cars have remote opening, but not all have factory alarms. Using a wire to open a car lock is simple, and with practice can be done to most cars within seconds.
You can test for a factory alarm by getting someone to lock the car with you in it and open the door from the inside. If a siren goes off, you have one. Of 3 ‘modern’ cars we own, our 2014 and 2008 cars both have PKE and alarms, but our 2010 model doesn’t. A proximity type key/fob will go a long way to stop someone nicking the car, but it certainly doesn’t stop someone from getting inside.
- Or less likely…They had already nicked a key from you previously and made a copy (assuming again no factory alarm). Almost all key fobs still have a physical key inside or as well.
- They had already nicked a car remote from you (previous house burg, from your work, found your spare etc). You can delete old remotes from a car, but not everyone does.
- They had cloned the remote somehow (possible for some cars, but still lots of work and very unlikely). Again… if they managed this they would have stolen the whole car.
So what are the lessons in all of this this?
- Never leave anything visible in your car, and remove any bulk/expensive items.
- Always know where your keys & fobs are (all sets you have).
- Check if your car has a factory alarm (use the method above).
- Put visible things in the glovebox before you reach a destination, and for valuable things (eg laptop) it is worth stopping off earlier, putting it in the boot then driving the rest of the way (or make sure it is in there from your journey outset)
- If you want to put keys in a metal box for piece of mind, feel free. Lots of nice wall mounted key boxes are metal anyway.
- If you really are still worried about this PKE attack type, maybe also keep keys a metre or two from the external wall of your house.
- Delete the keys from the car (a dealer will help you do this) after they are stolen or lost.
Remember though… just because Google tells you there is a sophisticated attack that can be used to break into your car… it doesn’t mean that it is the most likely conclusion to jump to.