Europol this week, with the support of Spanish and Latvian authorities, successfully broke up a car theft gang. It announced that it had arrested 31 people in its raid on attackers who had developed and used an attack technique to steal keyless vehicles.
Those arrested include software developers, vendors and attackers using counterfeit software.
According to Europol’s press release, the attackers used fake software to steal vehicles. The gang didn’t even need physical keys to steal the vehicle.
The targets of the attackers were vehicles supporting remote ignition systems and keyless entry.
By manipulating the cars’ software, the attackers were able to unlock the doors and start the car’s engine without the need for the owner’s wireless key.
The investigation, which started in March 2022 as a result of the attacks, included officials from all countries affected by the crime. Two meetings were held at Europol’s headquarters to decide on the final phase of the investigation.
Reportedly, the criminals mostly targeted two French automakers. They used malware marketed as an automotive diagnostic tool to replace the original software of the vehicle. This software forced the vehicle doors to open and the vehicle was started without using the key. Police did not disclose how the attackers installed or connected the malicious diagnostic solution to the targeted vehicles.
It is speculated that scammers pay someone to do it secretly at car mechanics, dealer shops, or anywhere vehicles are left unattended for long periods of time. It is unclear whether the malware was developed by a single gang or distributed among multiple gangs. Researchers believe the tool has been sold to third parties online.
Europol this week, with the support of Spanish and Latvian authorities, successfully broke up a car theft gang. It announced that it had arrested 31 people in its raid on attackers who had developed and used an attack technique to steal keyless vehicles.
Those arrested include software developers, vendors and attackers using counterfeit software.
According to Europol’s press release, the attackers used fake software to steal vehicles. The gang didn’t even need physical keys to steal the vehicle.
The targets of the attackers were vehicles supporting remote ignition systems and keyless entry.
By manipulating the cars’ software, the attackers were able to unlock the doors and start the car’s engine without the need for the owner’s wireless key.
The investigation, which started in March 2022 as a result of the attacks, included officials from all countries affected by the crime. Two meetings were held at Europol’s headquarters to decide on the final phase of the investigation.
Reportedly, the criminals mostly targeted two French automakers. They used malware marketed as an automotive diagnostic tool to replace the original software of the vehicle. This software forced the vehicle doors to open and the vehicle was started without using the key. Police did not disclose how the attackers installed or connected the malicious diagnostic solution to the targeted vehicles.
It is speculated that scammers pay someone to do it secretly at car mechanics, dealer shops, or anywhere vehicles are left unattended for long periods of time. It is unclear whether the malware was developed by a single gang or distributed among multiple gangs. Researchers believe the tool has been sold to third parties online.
