(Photo: CHRIS YOUNG/AFP/Getty Images)
For two decades, car security has transformed dramatically, moving from simple keys to complex keyless entry systems. Luxury brands like Mercedes, Audi, BMW, and Volvo have invested heavily in these systems to combat car theft, a highly profitable criminal enterprise. However, many car owners don’t consider the security of their key fobs, wireless access, and smartphone apps connected to their vehicles, or the vast amount of personal data these keys might hold.
Recently, I spent a day at Europe’s leading private forensic laboratory in Mayen, Germany. Run by Manfred Goth, a certified police forensic expert, the lab assists major European insurance companies. They analyze locks, safes, cars, and buildings in criminal and civil cases, ranging from arson to auto theft. Last year, their work saved one insurer approximately twenty million euros in fraudulent claims, including car theft. They also advise police on security system bypass and are part of the Lockmasters Group in Bergheim, Germany. Lockmasters are experts in covert entry tools and training for government agencies, specializing in all forms of locking mechanisms and their vulnerabilities.
My work involves testing lock hardware security, but I’ve paid less attention to car security. Despite owning a car with keyless entry, I hadn’t deeply considered the security risks or privacy implications, my focus being on high-security locks. The idea that my key fob could store vehicle data, potentially used by insurers or police, was new to me. This changed after visiting Goth’s lab and Lockmaster.
Manfred was investigating a BMW theft case, noting that BMW keys store more data than most. He showed me a decoder from Abrites, a Bulgarian company specializing in electronic decoding and bypass systems for global vehicle key fobs and keyless entry. Abrites creates tools for locksmiths and restricted versions for government use. Modern car immobilizers, keys, locks, and central computers can be hacked for vehicle entry, bugging, tracking, key cloning, data extraction, and theft. These tools are used not only by law enforcement and locksmiths but also by car thieves.
Plugging a BMW key fob into the Abrites decoder, Manfred instantly accessed data including the VIN, mileage, fuel level, and last driving time. Newer keys are also equipped to store GPS data.
Why is this relevant to you, especially if you’re considering selling your old key fob or upgrading your car’s security system? Insurance fraud is a significant issue with stolen vehicle claims. In Europe, insurers often require owners to submit their keys for inspection. Unbeknownst to many, key fob data can be used against them in insurance fraud cases or claim denials. For example, if a car owner reports a theft three days prior and provides their keys to prove they weren’t in the car, key data can reveal inconsistencies. In one case, key data showed the car was driven the day before the reported theft, exposing a false claim.
At Lockmaster headquarters in Bergheim, I witnessed further key decoding demonstrations and learned how to intercept key fob-car communication for vehicle theft. Watch my interview with Enrico Wendt, Lockmaster’s Operations Manager, demonstrating BMW key fob decoding. In a follow-up, Sascha Wendt, Technical Manager, will show the ease of stealing a new Audi.
While key data storage is intended for maintenance, law enforcement and insurers influence car manufacturers, leading to increased data collection in key fobs, mirroring smartphone trends.
Vehicle keys are just one aspect of security constantly challenged by covert entry experts, law enforcement, criminals, and hackers. I was shown how sophisticated thieves can steal luxury cars using portable Bulgarian devices. Furthermore, replicating a key fob from a high-end German car via the infrared port in the ignition and a laptop, courtesy of Polish hackers, is alarmingly simple. Car manufacturers are now addressing wireless entry system flaws, with a Swiss inventor developing an ingenious solution, which I explored in Zurich. Stay tuned for more on this evolving landscape of car security.
If you’re thinking about where to sell your old key fobs, consider the security implications first. While there might be a resale market for used key fobs, especially for older models or for parts, understanding the data they contain and the security vulnerabilities associated with them is crucial. Before selling or discarding your old key fobs, it’s wise to research data wiping or destruction methods to protect your personal information. Furthermore, when upgrading your car’s security, ensure your new system addresses these modern key fob vulnerabilities to prevent potential theft and data breaches. The evolving technology in car security means staying informed is your best defense, whether you are buying, selling, or simply using your vehicle every day.
