Rumor: Car Thieves Clone Keyless Entry Codes to Unlock Car Doors

The Truth: Technological Advances Make This Nearly Impossible Today

businessman using electronic key to open car door

Dave and Les Jacobs / Getty Images

An email has been circulating since 2008, urging vehicle owners to lock their doors manually instead of using a remote key: The emails claim that otherwise, thieves might be able to clone the security code — a technique known as "code grabbing" — and gain entry to the vehicle. There's some truth to this urban legend, but not much. Read on to find out what the emails say, how they originated, and the facts of the matter.

Example Email

The following email appeared on July 24, 2008:

Beware folks. This is news you can use.
A friend's son came over yesterday — he had to go to Canada for work last week. One of the other engineer's traveling to Canada with him, but in his own car had something happen... that I need to share.
While traveling he stopped at the roadside park, similar to what we have here with bathrooms, vending machines, etc. He came out to his car less than 4-5 minutes later and found someone had gotten into his car, and stolen his cell phone, laptop computer, gps navigator, briefcase..... you name it.
They called the police and since there were no signs of his car being broke into - the police told him that there is a device that robbers are using now to clone your security code when you lock your doors on your car using your keychain locking device. They sat a distance away and watched for their next victim. Since they know you are going inside of the store, restaurant, or bathroom and have a few minutes to steal and run.
The police officer said... to be sure to manually lock your car door by hitting the lock button inside the car, that way if there is someone sitting in a parking lot watching for their next victim, it will not be you.
When you hit the lock button on your car upon exiting... it does not send the security code, but if you walk away and use the door lock on your key chain- it sends the code thru the airwaves where it can be stolen.
I just wanted to let you know about this... it is something totally new to us...and this is real... it just happened this past Thursday June 19th to his co-worker...
so be aware of this and please pass this note on... look how many times we all lock our doors with our keys... just to be sure we remembered to lock them.... and bingo the guys have our code... and whatever was in the car... can be gone.
This came from a friend......
This is very troubling what lengths people will go to to steal what doesn't belong to them! I do almost 100% of the time lock my car on the door lock inside when I exit the car. Little did I know that is the best way to lock your car.

Analysis: Partly True

First, a word to the wise: Just because an email claims the information it contains has been verified on (or elsewhere), that isn't necessarily the case. This message, for example, contains a mixture of true and false information, which is what actually says.

Given the current state of remote keyless entry (RKE) technology, some version of the scenario described above is theoretically possible, but it isn't a threat the average vehicle owner needs to worry about. Virtually all RKE systems use a form of data encryption adopted in the late 1990s known as KeeLoq, which, though it has been shown in tests to be potentially vulnerable to hackers, still presents a formidable enough technological hurdle that most car thieves wouldn't even be able to attempt cracking it.

"Code Grabbing" Obsolete Since the Late 1990s

As written, the warning reads more like a blast from the past, when RKE technology was still in its infancy than a cutting-edge informational alert. Compare it to this excerpt from a "New York Times" article dated July 14, 1996:

"You park at the airport, remove your luggage, push the button on the key fob to lock the doors, and walk away thinking your car will be secure until you return. Think again.​ Experts on vehicle theft say sophisticated car thieves have taken to hiding in parking lots where there is a lot of traffic, like those at airports, with high-tech recording devices. As you lock your car with the keyless remote control, the thieves record the signal that it transmits. After you leave, they play back the recording, unlock your car and steal it."

That, however, was years ago. Soon after this story was published, the adoption of KeeLoq encryption made code grabbing much more difficult to accomplish.

Though a 2007 study that identified vulnerabilities in KeeLoq encryption prompted some experts to call for improvements, others downplayed its real-world significance — even at that time. "There is not a whole lot of threat to the end consumer," PGP Corp. chief technology officer Jon Callas explained to MSNBC that same year. "A guy with a Slim Jim is a bigger threat."