Law enforcement in France, Latvia and Spain have arrested 31 suspects believed to be part a group that used software to steal vehicles without using the physical key fob.
According to the EU Agency for Criminal Justice Cooperation (Eurojust), the suspects built or used software that duplicated certain models’ ignition keys and which was promoted online as an automotive diagnostic tool.
“The criminals targeted keyless vehicles from two French car manufacturers. A fraudulent tool – marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob,” said Europol.
“The perpetrators of the scam kept updating and adapting their software, to counteract the measures implemented by companies to reinforce the security of their vehicles,” Eurojust noted.
On October 10, the 31 suspects were arrested in France, including the managers of the firm that allegedly built the software. Authorities searched 22 locations in France, Spain, and Latvia. They also seized €100 million, 12 bank accounts, real estate, three luxury cars and the website domain.
The French Gendarmerie’s Cybercrime Centre (C3N) opened the case at Eurojust in September 2022 while Europol says it supported the investigation since March 2022.
Neither agency has named the two French car manufacturers. Eurojust was unable to provide further information about the hacks or affected car manufacturers, and ZDNet has asked Europol for more information.
The hack does sound different to more recent relay attacks where thieves capture the radio signal between the key fob and the vehicle. UK law enforcement warned of a spike in keyless car theft last year. Authorities said to prevent relay attacks, luxury car owners should store their key fobs in metal tins or protective pouches.