The French National Gendarmerie, with the support of Eurojust, Europol, and Spanish and Latvian authorities, has successfully dismantled a car theft gang. As per Europol’s press release, the gang used fraudulent software to steal vehicles. The gang didn’t even need the physical key fob to steal the vehicle.

According to Europol, authorities have arrested 31 suspects for their involvement in a clever scheme to steal internet-connected cars. The thieves hacked and stole vehicles through malicious software.

Their targets were vehicles that supported remote ignition systems and keyless entry. The arrested individuals include software developers, resellers, and thieves who stole the vehicles using fraudulent software.

Agence France-Presse (AFP) reported that the thieves bought tablets, connectors, and software from the resellers to duplicate vehicle keys and programmed blank keys without using the original. They modified the embedded system of numerous cars.

This digital attack kit was readily available online, but the French officials didn’t share the website URL. However, they did reveal that the website had 53,000 registered connections probably used for reprogramming keys.

As seen by Hackread.com, Europol also posted a domain seizure notice that read:

“This service has been seized by the Gendarmerie Nationale cyberspace command under the authority of the French Paris Prosecutor’s Office.”

Police Dismantled Car Hackers That Exploited Keyless Entry Tech
Domain seizure notice

During the investigation, conducted mainly by the French Gendarmerie’s Cybercrime Centre (C3N), more than 22 locations were searched while over €1 million in criminal assets were seized. The coordinated operation was conducted on October 10th, 2022, and it spanned three countries.

The investigation started in March 2022; it involved officials from all countries impacted by this crime. Two meetings were held at Europol’s headquarters to decide the investigation’s final phase. On the action day, a Europol mobile office was deployed in France to assist authorities.

Reportedly, the criminals mainly targeted vehicles from two French carmakers. They used the malicious software, marketed as an automotive diagnostic tool, to replace the vehicle’s original software. This forced the doors to open, and the vehicle was started instantly without using the key fob. The police didn’t reveal how the thieves installed or connected the malicious diagnostic solution to the targeted vehicles.

It is speculated that the crooks paid someone to perform it covertly at car mechanics, dealership shops, or any place where vehicles are left unattended for extended periods. It is unclear if the malicious software was developed and used by a single gang or if it was distributed among multiple gangs. Investigators believe that the tool was sold to third parties online.

  1. How to unlock Tesla wireless key fobs in 2 seconds
  2. Watch thieves steal keyless Mercedes within 23 seconds
  3. Car Hackers Remotely Steal Keyless BMW within Seconds
  4. Flaw in Remote Keyless System left Cars Vulnerable to Theft
  5. Tesla Cars and Smart Devices Unlocked with Bluetooth Flaws

Posted by Charlie