Car Thieves Arrested After Using $27,000 Game Boy Device (bbc.com) 104
An anonymous reader quotes a report from the BBC: A gang of car thieves used a handheld device disguised as a Nintendo Game Boy to steal vehicles worth $245,000. Dylan Armer, Christopher Bowes and Thomas Poulson stole five Mitsubishi Outlanders by using the gadget to bypass the cars' security systems. West Yorkshire Police said the device, worth $27,000 could unlock and start a car "in a matter of seconds." The trio, all from Yorkshire, were jailed at Leeds Crown Court after pleading guilty to conspiracy to steal. CCTV footage of the theft showed them unplug the car from its charging point before using the device to unlock and start it. When officers stopped the three men they found the Game Boy-style gadget hidden in a secret compartment of their car. Police said footage recovered from Poulson's phone showed him demonstrating "how quickly and easily the gadget gave them full access to the vehicles, accompanied by a commentary in mocking tones." The force added that the "significant investment required to buy one of the sophisticated devices suggested the thefts were planned and orchestrated crimes."
Relay attack, I assume. (Score:3)
Article doesn't say, though. I suspect that the days of the relay attack are numbered; there are too many potential countermeasures, and some of them (for example, extremely precise timers to measure the speed of light delay) are absolutely lock out the potential of relay attacks within the bounds of the laws of physics.
Re: (Score:2)
Nope. TOF mesurement is not possble with narrowband RKE.
UWB could do it.
Re: (Score:2)
I don't grok why these cars don't just shut down if they lose the signal from the key. Thieves would get 100 yards away then have to abandon it.
Re:Relay attack, I assume. (Score:4, Insightful)
because the car doesn't maintain a constant connection to the keyfob while the car is in motion, even with the keyfob in the car itself. The short-range auth/unlock signal can get blocked especially as the battery gets weaker over a couple years.
so 99.99% of the time it'd be owners dropping keyfobs between the seats, behind the metalwork of the chair, that stops cars in the middle of a dangerous road instead of a thief driving off.
Re: (Score:2)
because the car doesn't maintain a constant connection to the keyfob while the car is in motion, even with the keyfob in the car itself. The short-range auth/unlock signal can get blocked especially as the battery gets weaker over a couple years.
so 99.99% of the time it'd be owners dropping keyfobs between the seats, behind the metalwork of the chair, that stops cars in the middle of a dangerous road instead of a thief driving off.
So.... some sort of battery indicator and a little keyfob tray would work?
Re:Relay attack, I assume. (Score:5, Funny)
Well, it might bounce out of the tray when you hit a bump. Better have a slot you put it in, and then maybe the ability to turn it like 90 degrees to lock in place.
Re: (Score:2)
Well, it might bounce out of the tray when you hit a bump. Better have a slot you put it in, and then maybe the ability to turn it like 90 degrees to lock in place.
Erm... don't most people keep the key FOB in their pocket (or bag)? Seems kind of counter productive to make a car without an turn-key ignition and then require me to put the key somewhere else to keep the car running. Why not just bring back the key and barrel?
Re: (Score:3)
My Prius does keep a constant connection. I think it is RFID, but haven't really looked into it. If I leave the car running, step out and shut the door, it will beep at me telling me the car is running with no key inside. When I walk up to it, without even touching the key or the car, the interior lights turn on. When I touch the door handle on the inside, it unlocks the car (outside locks it). These features wouldn't work if it wasn't in constant contact with the key through some mechanism.
All this on
Re: (Score:2)
Thank you for letting me know to never buy a Prius. That amount of incessantly doing things without me explicitly taking action would drive me nuts.
Re: (Score:2)
So door status change triggers a re-scan. But according to your report, the car doesn't shut down when you walk away.
If you really want to test it, get in, start the car, and then hand your keys to someone through the window. Now drive away. See if the car shuts off at any point. Please don't try this on busy roads just in case.
Re: (Score:2)
The one thing that makes me think continuous polling is the light turning on when you get near. It could just be the ultrasonic parking sensors picking me up, but it only does it if I have the key.
I am pretty sure the car can drive fine with no key in it if it is already turned on, but it knows there is no key. It might disable to car after X miles or Y MPH, but yes, it does not turn off if you walk away.
Personally, I only use the feature when I am pretty sure no one will mess with it, to allow the headli
Re: Relay attack, I assume. (Score:3)
For a Jeep Cherokee, 2021 model year, it notices if the driver gets out of a running car with the key fob. It will start to beep and the passenger has to push the ignition button to keep the engine running. If they don't it will shut off.
To be clear, I've only tested this while parked, not moving. :-)
Re: (Score:2)
Do you really think it is a wise idea to disable a car because the battery in a key fob has died?
Re: (Score:2)
Moot. If the battery dies you won't be able to unlock the car and get inside in the first place.
Re: (Score:3)
Eh? Of course you can unlock the car, the fob still has a physical key in it that you can use to unlock the door. You can also start the car with a dead fob battery.
Re: (Score:2)
OK, we can make it not shut down if there's a physical key in the ignition switch. How's that?
The cars being discussed here can be started without that though. That's the whole point.
Re: (Score:2)
What ignition switch. At least one type has no key ignition switch, just a non key button.
Re: (Score:1, Insightful)
Is it really any less dumb than taking a vaccine for a disease you already beat? Especially when the vaccine has known complications. People don't think things through.
Speaking of dumb things... there's your post, for example.
Re: (Score:2)
Is it really necessary for you to write conspiratorial off-topic posts rather than just looking at a graph [springfiel...llness.com] to answer your question?
Re:Relay attack, I assume. (Score:4, Funny)
I"ve never reached this level nor found this secret bonus round.
Re: Relay attack, I assume. (Score:1)
Re: (Score:2)
Re: (Score:2)
Where did you see me specify narrowband RKE? I was talking about the concept of relay attacks in general. I did not say that TOF is just simply a software patch.
Re: (Score:2)
But there are some countermeasures that are indeed simply software patches, though generally not 100% security. Even some creative things I never would have thought of, like using the pedestrian speakers that a lot of BEVs, PHEVs and hybrids have now to pay a response sound as a second factor, so now the attacker has to try to repeat the response sound as well, typically through a wall, causing distortion that the recipient can be trained to reject.
I simply brought up TOF because if implemented - which req
Re: (Score:2)
I don't know if it will really be patched. There is a difference between an effective countermeasure, and having it implemented with a vehicle's security system, especially with the time it takes to get new CPUs and code new software, especially security modules.
Instead, as a stopgap measure, I wish there were a way that cars could have a way to just completely shut the proximity detector off, and only lock/unlock through the buttons on the remote. That way, relay attacks can be foiled more easily.
Re: (Score:2)
You could implement a physical knock-knock protocol. :)
Re: (Score:2)
That's not far off from what Tesla's stopgap measure was ;) They added in a optional "PIN to drive" feature.
Re: (Score:1)
You could implement a physical knock-knock protocol. :)
I suppose you could, but that would depend on "Who's There". ;)
Re: (Score:2)
H: "Knock knock"
T: "Who's there?"
H: "It's me your owner."
T: "Voice print matched... fuck off homeless Mike!"
Re: (Score:2)
Re: (Score:2)
Where are (apparently multiple, based on the comments) people getting the idea that "days are numbered" means "all vehicles will be software patched"?
"Days are numbered" = "This will not go on forever". Manufacturers have solutions to make new vehicles physically unvulnerable to relay attacks and will implement them. Existing vehicles will depreciate and increasingly not be worth anyone's time to steal.
(Not that there are no software patches to resist relay attacks - there absolutely are. But TOF, a physica
Re:Relay attack, I assume. (Score:4, Interesting)
I doubt this gadget used a relay attack. Note that the thieves stole five vehicles of the same model. My guess is that it took advantage of some exploit that is specific to the wireless key system of the Mitsubishi Outlander.
Despite all the press about relay attacks, getting them to work is extremely difficult even under the best of circumstances. People assume that common criminals carry relay boxes around all the time. The reality (as you quickly learn when looking at security footage) is that the thieves find an unlocked door, try pushing the start button, and drive off when the engine immediately starts.
You'd be amazed how often people leave (or lose) a key fob in their vehicle. Perhaps it only happens to one in a thousand cars, but when the thieves try hundreds of door handles every night, sooner or later they get lucky. Door checkers travel in teams, and can cover an entire block in a matter of minutes. They don't need $27,000 electronic boxes to steal cars - just manpower and a little luck.
Nor would key fobs need sophisticated speed-of-light delay countermeasures even if relay attacks were common. It would be far easier to put a small accelerometer or capacitive sensor in the fob, so that it only "wakes up" when it is moved or handled. Just having a 10-minute auto-lock default for vehicle doors would prevent 95% of potential theft where I live.
Re:Relay attack, I assume. (Score:4, Informative)
There's an after-market device that wraps the battery in your fob, and cuts the power to the fob 180secs after it stops moving.
It's a bit pricey, but works well - I use it.
I'm not sure if I should be posting links, but in the EU you can see it at https://www.carsystems.eu/keyl... [carsystems.eu]
Re: (Score:2)
Thanks for the link - I had no idea such a thing could be purchased.
This is exactly the functionality that all auto manufacturers should put into their key fobs.
Re: (Score:2)
I guess this might be a problem for people that park their cars on the street, but the two solutions you suggest would be at odds with each other. If the car doors automatically lock after 10 minutes, then how can the owner open the door in your scenario of
Re: (Score:2)
Re: (Score:2)
If you REALLY want to kill the relay attack, put buttons on the FOB that must be pressed to unlock or start the car. It's easy to get a transceiver next to the fob, but a little suspicious if you ask the owner "would you please press the start button on your car key?"
But auto makers have repeatedly demonstrated that they don't actually care about the security of your vehicle NEARLY as much as they care about locking out 3rd party repairs.
Re: (Score:1)
There's no way this is a simple relay attack... not if the device to do it is worth $27k.
Matter of fact, I can't think of what device to do this could *possibly* cost $27k, unless that's some industrious criminal taking a $350 proxmark, putting it in a case with a screen and some extra automation, and selling it at an enormous premium to people without the knowledge to do it themselves.
There isn't much in the way of portable RFID hardware that costs more than about $500, that I'm aware of.... the stuff nece
Security (Score:2)
Re: (Score:2)
Mitsubishi, maybe that explains it.
It explains what, exactly?
Re: Security (Score:1)
Ignore the old troll.
Anyone who hates Mitsubishi vehicles probably peaked on the 80â(TM)s and needs viagra to think properly.
Re: (Score:2)
You talk as if "Made In The USA" is somehow better.
Re: (Score:2)
Re: (Score:2)
This thing didn't cost $27k, that's just what the idiot police repeated after whichever manufacturer made up a huge number for them. Sounds a lot better than your $100k car's sophisticated anti-theft tech is easily defeated by a $50 sdr setup.
That's my guess - sdr radio, rpi and battery hidden in a gameboy gase.
Re: Security (Score:2)
It's West Yorkshire Police so go easy on them. They are considered clownish even by the standards of UK policing.
Mocked after posting a picture of a tiny cannabis find, boasting as if they had caught Pablo Escobar himself: https://www.standard.co.uk/new... [standard.co.uk]
Officers sacked for behaviour including attacking former partner and asking a vulnerable woman for sex: https://www.examinerlive.co.uk... [examinerlive.co.uk]
And of course they somehow managed to not notice multiple Pakistani child grooming gangs. As a coda to this it emerged
Re: (Score:2)
Which meant physically standing at the vehicle and being visible to anyone around, plus the time it took to unlock the door (which could be defeated with simple piece of metal), and the time it takes to undo the ignitition.
Whereas, since we're so hepped up on
Bought a software defined car? (Score:5, Interesting)
When I changed my truck 3 years ago, I specifically went for the lower spec model because it has no keyless entry. Why? Because they are actively hacked and exploited out there. Two antennas, RX/TX the keyfob to imitate proximity and unlock and the car is yours.
If you have two brain cells, you do not steal it though - you simply pinch one of the relays from the relay box (usually ignition) and then "happen to have a tow truck and a garage behind the corner". Works a treat. I have met victims who have been swindled this way in (so far): USA, Slovenia, Serbia, Romania, Bulgaria and Poland. Works every time. Easy money.
Re: (Score:2)
Yeah, before all this car stealing didn't exist. Thieves had to break into easier targets...like a child's lemonade stand.
Re: (Score:2)
That's dangerous stuff. It's one thing to be on the run from the police, but if you're on the run from the mom's brigade then you're on the run for life!
Re: (Score:2)
Smash and grab has always been around, and the police don't bother investigating, regardless of state. $300 stereo was stolen? Police don't care, they'll keep an eye out but forget about the kid who did it ever being caught. The reasons states aren't prosecuting these actively is because it's an immense expense for no gain.
Now sticking a gun in someone's face, that's suddenly a felony and all US states will take that seriously even while some tough-on-law proponents are crying that the person who shoplif
Re: (Score:2)
Because they are actively hacked and exploited out there. Two antennas, RX/TX the keyfob to imitate proximity and unlock and the car is yours.
So how does this work? Do you need a 2nd person to get close to the car owner, to pickup the signal and relay it to the guy stealing the car?
Re: (Score:2)
So how does this work? Do you need a 2nd person to get close to the car owner, to pickup the signal and relay it to the guy stealing the car?
Yes.
It can often work if one guy stands next to the front door of a house and the other stands next to the car out in the street, too.
Re: (Score:3)
I heard somewhere that at least BMW has added additional protection to the key fob, namely a motion sensor. So if the fob is stationary - on a desk in your house, for example - it shuts down and does not provide a signal for the relay. Only when you pick it up and hit the road does it activate.
Of course this does not help against situations where you actually *do* have the keys on you, but at least the situation where thieves have all the time in the world is mitigated.
Re: (Score:3)
That is probably one of the better mitigations. If a fob has been stationary for a while, just stop communicating with the vehicle. This not just provides security, but saves battery. Then when the fob is jostled, wake up and reconnect.
One thing that would be nice would be a switch on the fob to turn off proximity completely, just so one knows 100% that a relay attack isn't going to happen.
Re: (Score:2)
One thing that would be nice would be a switch on the fob to turn off proximity completely, just so one knows 100% that a relay attack isn't going to happen.
Maybe it could require a button press on the fob to unlock the car if you used a double-click to lock it.
The key fob could also beep (politely) when the car is activated. That could warn you about relay attacks if you're in a restaurant or something.
There's lots of little things they could do.
Re: (Score:2)
I heard somewhere that at least BMW has added additional protection to the key fob, namely a motion sensor. So if the fob is stationary - on a desk in your house, for example - it shuts down and does not provide a signal for the relay.
Nice!
Re: (Score:2)
It can often work if one guy stands next to the front door of a house
Keep your keys in an Altoids tin.
Re: (Score:3)
But people can and have picked locks for ages, or done any number of other exploits to get into a car and start it.
The hardest attack to foil in the electronic attack scenario is a relay attack, and that can be solved as well.
Assuming a dedicated hardware device, you can have timing so tight that you can enact, say, a challenge/response with a 20 nanosecond timeout on top of a delay calibrated to the hardware. This would require the device to be within 3m (6m total travel time round trip). Obviously there
Re: (Score:2)
Sheesh, if you're going to go to all that trouble, why not just put a fingerprint reader on the door handle?
Re: (Score:1)
Same here. I wanted to get the higher level trim, but it only came with keyless entry / push button start. I just didn't trust it and my mind is like what if the battery dies... and couldn't really see the benefit of it.
Oddly enough, push button start is actually less convenient in my case. I took manual driving lessons in a Subaru BRZ and it had push button start. Oddly, when learning to drive manual, push button start is much less convenient as the button is located away from the steering wheel. If you ha
Re: (Score:2)
Different makers approach the "dead fob battery" part in different ways. Assuming regular use (as opposed to sitting in a drawer for years), the fob battery isn't going to go from "working" to "100% dead" instantly. I have a Honda, and when the fob battery was failing, I could hold it up next to the start button and it still worked (and then I got a new battery).
Steering wheel space is limited, and adding more buttons just makes it more confusing to the average driver. In general the start button is not nee
Re: (Score:2)
On some cars, there is a spot for a fob that it can be placed on top of, where low power RFID is used, which works, battery or no. I know newer Ford pickups have this.
I wouldn't mind a mechanical key as an option. This not just provides a solid way that is immune from remote electronic attack, but also is effective at locking the steering wheel, ensuring that even if the electronics are started, the vehicle isn't going anywhere. Perhaps have the mechanical key as an on/off switch, so if one just wants to
Re: (Score:2)
My Hyundai has keyless entry and push button start. A dead fob battery is a non-issue. First, the car (normally) warns you that the fob battery needs replacing. But even if you let it go completely dead, all you have to do is pop the mechanical key out of the fob and use it to unlock the door. To start the car with a dead fob you push the start button with the fob. Not sure how that works, but it does.
As for the benefits, the big one I see (for keyless entry) is you don't wind up with a frozen keyhole.
Re: (Score:1)
The chips used for this have two RF circuits - a higher-frequency circuit powered by the fob battery (and also used when you hit a remote unlock button, etc.), and a LF one used to power the core crypto functions of the chip and communicate to the car from a close distance (like the older and more simple chip keys that didn't have a battery and remote buttons built into the same key).
So, if your battery dies, the whole thing switches over and uses LF. You have to put it close to the push button (or whereve
Re: (Score:3)
Check out some Lock Picking Lawyer videos on YouTube. The old manual key locks were not much better, easily picked in a few seconds in most cases.
What does help is an immobilizer. They use radio waves but only at extremely close range, and like RFID the radio waves power the key so are impractical to relay over more than a few centimetres.
Re: (Score:3)
Mechanical auto keys were bad and highly insecure. I once unlocked and started the wrong car once before I realized there were packages on the seat that weren't mine... Basically the big auto makers had a tiny set of key patterns that kept getting replicated, even across models. Lose the key, and the auto shop will get you a replacement very quickly, just read that number off of the lock, go to the right bin, and presto. For the car thief pros this is easy; for the noobs they just smash, grab, and run a
Re: (Score:2)
Re: (Score:2)
And yet thefts of vehicles have been steadily trending downward, and are now less than half of what they were in 1990. https://www.statista.com/stati... [statista.com]
The device (Score:2)
I'm more interested in the device and who sells them. Seems like a great markup for what's probably a Raspberry Pi and a HackRF.
Re: (Score:3)
That's geeks for you. They see the hardware, and ignore the poor programmer and all the invisible work he did.
Re: (Score:2)
The programming isn't all that complex. It's likely just some development boards for the particular RF system they use in those cars, and a little microcontroller that relays packets. Some high gain antennas and cranked transmit power on one side.
Similar devices exist for legitimate needs, like relaying time signals indoors. They tend to be expensive but that's because of the regulatory issues, not because they are complex.
Re: (Score:2)
The money has to be in "cyberweapon" value rather than the hardware - someone probably got access to some very valuable secrets which nobody else has, and this device is loaded with those secrets, which it acts on to break into the cars.
Re: (Score:2)
I'm more interested in the device and who sells them.
I'm a bit more interested in why the headline claims they were using a "$27000 Game Boy device", when that was just a disguise. It could've just as easily looked like a laptop computer, or a briefcase, or a can of dog food for all that matters to the story.
Also, weren't these British thieves, and the story from the BBC? Dollars weren't even mentioned in the story.
Re: The device (Score:2)
The price also is reduculous. It does not cost anything approaching even $1000 to build a Raspberry Pi into a Game Boy case and load it with haxx0r t00lz. Where do they get these insane price figures from anyway?
Or were these crooks so stupid to get badly rooked by another criminal selling Game Boy haxx0r t00lz?
white rose! (Score:2)
I'm a little bit sad that the video didn't include a little more of the criminals' Yorkshire accents.
Investment? (Score:2)
The force added that the "significant investment required to buy one of the sophisticated devices suggested the thefts were planned and orchestrated crimes."
If they're stealing cars, why presume they purchased the tools?
Re: (Score:3)
Their just car thieves, they aren't so bad as to resort to software piracy surely...
Sophisticated device worth £20,000 ? (Score:2)
Re: (Score:2)
It's worth whatever they can get people to pay. Plus, keeping the code in a device like this makes it easier to keep the software protected against casual copying.
Criminals so smart they're stupid (Score:2)
Great idea...tart up an expensive e-lockpick to look like a Game Boy, then hide it in a secret compartment. If the thieves had just left it carelessly tossed on the back seat of their car, maybe along with a couple of game cartridges, the cops probably wouldn't have given it a second glance.
Re:Criminals so smart they're stupid (Score:4, Insightful)
Re: (Score:2)
Excellent point, my friend!
I don't believe it! (Score:2)
Even thieves play games on the job.
The perfect crime (Score:2)
Yet they were still caught.
Re: (Score:1)
Yet they were still caught.
Some police forces can catch criminals and are still allowed to catch them.
In the US there are police forces that couldn't even catch covid if they tried.
For nerdy news site ... (Score:2)
Was it a proximity sensing key fob, a stalker with a long range Tx, thief with Rx close to the car ...?
Or a simple brute forcing of all key codes?
Or capture the remote key transmission, save it and play it back?
Affected models, affected key types ... Nothing...
Track the car, use dashcame sentry mode ... (Score:2)
Some cars have integrated dash cam and the footage can be saved to a safe local storage, not the simple thumbdrives that can be pulled out.
Some cars have internet connectivity. So the victim can turn on the dashcam, including the cabin facing one, take pictures of the thieves, location etc and access the saved dash cam, sentry mode footage remotely.
Crime follows the
This. Is. (Score:1)
Re: (Score:1)
Hilarious! Not for the car owners, of course, but pretty clever as far as delinquency goes.
Expensive. Used to be you could bag a car with simple stuff. Sometimes just a screwdriver. $27,000 unit to steal it? WOW.
Then you have to do something with it after you steal it. They're very organized to pull that off. Imagine if they went into something productive.
Dollars? (Score:2)
Pretty sure the original article would have used pounds.
Please learn how to write better summaries.