French authorities shut down a car theft ring last week that deployed malware to steal keyless cars.
With the help of Europol, Eurojust, and Spanish and Latvian police, French authorities dismantled a car theft ring that “used fraudulent software to steal vehicles without using the physical key fob.”
The action occurred last week in the three countries and resulted in the arrest of 31 suspects. Police raided 22 locations and seized more than 1 million euros in criminal assets.
The French Gendarmerie’s Cybercrime Centre (C3N) started the investigation, while Europol supported the case since March “with extensive analysis and the dissemination of intelligence packages to all the countries affected by this crime.”
Two meetings were held at Europol’s headquarters to decide together on the final phase of the investigation. Additionally, a Europol mobile office was deployed to France to help French authorities with the arrests.
“The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away,” Europol said in its press release.
While the agency didn’t mention any specific car brands, it said that the criminals only targeted keyless vehicles from two French car manufacturers.
The report also said that the thieves used an “automotive diagnostic solution” along with specialized software (like malware) to replace the vehicles’ original software. After opening the car doors, they could then start the vehicle without even using the key fob.
Europol’s announcement also didn’t describe the specific type of malware that was deployed during the attacks.
Authorities arrested malware developers, resellers, and even some of the suspected car thieves themselves.
Keyless ignition is not considered to be a very secure technology by many security experts. For example, some insurers even refuse to cover the damages or theft of keyless vehicles unless there are additional mechanical locks installed.