Rumor: Car Thieves Clone Remote Keyless Entry Codes to Unlock Vehicle Doors

Netlore Archive

Hispanic businessman using electronic key to open car door
Dave and Les Jacobs/Blend Images/Brand X Pictures/Getty Images

Forwarded email urges vehicle owners to lock doors manually instead of using a remote key, otherwise thieves might be able to clone the security code (a technique known as 'code grabbing') and gain entry to the vehicle.

Description: Forwarded email / Viral text
Circulating since: June 2008
Status: Partly true / Overblown (see details below)

Email contributed by J. Meyer, July 24, 2008:

Beware folks. This is news you can use.


A friend's son came over yesterday - he had to go to Canada for work last week. One of the other engineer's traveling to Canada with him, but in his own car had something happen... that I need to share.

While traveling he stopped at the roadside park, similar to what we have here with bathrooms, vending machines etc. He came out to his car less than 4-5 minutes later and found someone had gotten into his car, and stolen his cell phone, laptop computer, gps navigator, briefcase..... you name it.

They called the police and since there were no signs of his car being broke into - the police told him that there is a device that robbers are using now to clone your security code when you lock your doors on your car using your key-chain locking device. They set a distance away and watch for their next victim. Since they know you are going inside of the store, restaurant, or bathroom and have a few minutes to steal and run.

The police office said... to be sure to manually lock your car door-by hitting the lock button inside the car, that way if there is someone setting in a parking lot watching for their next victim it will not be you.

When you hit the lock button on your car upon exiting... it does not send the security code, but if you walk away and use the door lock on your key chain- it sends the code thru the airwaves where it can be stolen.

I just wanted to let you know about this... it is something totally new to us...and this is real... it just happened this past Thursday June 19th to his co-worker...

so be aware of this and please pass this note on... look how many times we all lock our doors with our keys... just to be sure we remembered to lock them.... and bingo the guys have our code... and whatever was in the car... can be gone.

This came from a friend......

This is very troubling what lengths people will go to to steal what doesn't belong to them! I do almost 100% of the time lock my car on the door lock inside when I exit the car. Little did I know that is the best way to lock your car.

Analysis: First, a word to the wise. Just because an email claims the information it contains has been verified on (or elsewhere), that isn't necessarily the case. This message, for example, contains a mixture of true and false information (which is what actually says).

Given the current state of remote keyless entry (RKE) technology, some version of the scenario described above are theoretically possible, but it isn't a threat the average vehicle owner needs to worry about. Virtually all RKE systems use a form of data encryption adopted in the late 1990s known as KEELOQ, which, though it has been shown in experiments to be potentially vulnerable to hackers, still (as of this writing) presents a formidable enough technological hurdle that most car thieves wouldn't even be able to attempt cracking it.

'Code grabbing' all but obsolete since the late '90s

As written, the warning reads more like a blast from the past, when RKE technology was still in its infancy, than a cutting-edge informational alert.

Compare it to this excerpt from a New York Times article dated July 14, 1996:

You park at the airport, remove your luggage, push the button on the key fob to lock the doors, and walk away thinking your car will be secure until you return. Think again.

Experts on vehicle theft say sophisticated car thieves have taken to hiding in parking lots where there is a lot of traffic, like those at airports, with high-tech recording devices. As you lock your car with the keyless remote control, the thieves record the signal that it transmits. After you leave, they play back the recording, unlock your car and steal it.

A similar warning was issued in a CBS News report aired in 1998:

Security specialist Ed Meenan of Avital Technologies showed us how a "Code Grabber" can secretly be used to pick up the keyless remote's signal. Only this transmitter doesn't just read the frequency, it records it and plays it back!

"So typically, what happens is a person will arm their alarm, which in fact does lock their doors, [and] walk into a mall knowing for a couple of hours that their car is protected," Meenan explains.

Not exactly. Now their car is defenseless to a "Code Grabber." And it's so easy to use. Armed with the electronic "code grabber," we could steal motorists' car keys right out of thin air.

That, however, was 10 years ago. Soon after these stories were published, the adoption of KEELOQ encryption made "code grabbing" much more difficult to accomplish.

While it's true that a 2007 study identified vulnerabilities in KEELOQ encryption and prompted some experts to call for improvements, others downplayed its real-world significance. "There is not a whole lot of threat to the end consumer," PGP Corp. chief technology officer Jon Callas explained to MSNBC in August of last year. "A guy with a Slim Jim is a bigger threat."

Sources and further reading:

A Scramble to Thwart high-Tech Thieves
New York Times, 14 July 1996

Code Cracking: Insecurity in the Car Lot
CBS News, 6 May 1998

Researchers Say They've Hacked Car Door Locks
MSNBC: Red Tape Chronicles, 28 August 2007

Microchip Technology's KEELOQ Security System Is Resistant to Recent Theoretical Code Cracking
Microchip Technology press release, 31 August 2007

Last updated: 08/20/08