A criminal gang in Europe may have been trying to hack tens of thousands of vehicles with keyless entry systems to steal them.

Authorities from France, Latvia, and Spain arrested 31 suspects believed to be part of a car theft ring that targeted vehicles from two French car manufacturers.

The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. 

The car theft ring allegedly targeted vehicles with keyless entry systems from two unnamed French automakers. “A fraudulent tool—marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob,” Europol said. 

To do that, they used a fraudulent tool promoted online as an automotive diagnostic solution to replace the stolen cars’ software and bypass the vehicles’ keyless system to enter and steal them.

As a result of a coordinated action carried out on 10 October in the three countries involved. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets were seized. 

The European law enforcement agencies also published a notice that says “This service has been seized.” This suggests the makers of the hacking tool sold access to it online, likely over dark web marketplaces, before the crackdown.

Still, Europol’s press release doesn’t mention the URL of the website or the domain where it was hosted.

Among those who have been arrested feature’s the software developers, its resellers and the car thieves who used this tool to steal vehicles.

Europol declined to provide other details, like what vulnerability was exploited to hack into the vehicles or the names of the auto manufacturers. But an agency spokesperson tells: “The car manufacturers are now working to update their systems to fix the vulnerability exploited by the criminal.”

The investigation was started by the French Gendarmerie’s Cybercrime Centre (C3N), with the French authorities also opening a case at Eurojust in September 2022.

There’s also evidence that the hacking occurred on a relatively wide scale. During the investigation, French police seized several servers from the criminal group that had “recorded over 53,000 connections.”

The following authorities took part in the investigation:

• France: National Jurisdiction against Organised Crime (JUNALCO), National Gendarmerie (Gendarmerie Nationale)
• Latvia: State Police of Latvia 
• Spain: Investigative Court num. 2 in Palma de Mallorca Balearic Islands PPO

The European Union judicial cooperation agency facilitated the cross-border judicial coordination between the French, Latvian, and Spanish national authorities involved in the joint operation.

“This gives an idea of the scale of the criminal activity (each connection = an attempt to steal a car),” the Europol spokesperson said. 

Europol has also supported the investigation since March 2022 by providing intelligence and analysis support to the countries targeted by this criminal ring.