953s High-tech car theft: How to hack a car (CBC Marketplace) images and subtitles

>> Charslie: We are in themiddle of a mystery...Trying to track down a devicethat could be making these cars,and yours, open to attack bythieves.Our search for that device isabout to uncover a surprisingnew world of cars and crime.Watch this home security video.It's the middle of the night inLong Beach, California.Two suspects approach two carsparked in someone's driveway.With little effort, the firstman opens the first vehicle andin he goes.The second man approaches theother vehicle, and with a slightpause, he too is in.He seems to have something inhis hand.Could that be the mysterydevice?>> Long Beach police departmentis baffled by a series ofhigh-tech auto thefts.>> Charslie: Across thecontinent.>> NBC 5 has learned of a newway thieves are breaking intoyour cars.>> Charslie: The same scenarioand the same results.>> It is crime catching on herein Winnipeg.And we have video of it.>> Charslie: It's like they havetheir own keys.>> One guy has something in hishand.Then he walks over to theToyota.And, bingo, it opens.>> Charslie: So, how do they doit? [ ♪♪ ]>> Charslie: Our trail leadsus to Washington.And to some victims of cartheft -->> Show time.>> Charslie: Who happen to betwo of our very own colleagues.[ Speaking in French >> Charslie: Christian Latrielleand Marcel Calfat work forRadio-Canada, the French sideof CBC.They were on assignment whenthey found themselves in themiddle of a crime story.So take me back.What was happening that day?>> It was the last day of ourshoot.So we had checked out of thehotel, packed the van witheverything, all our equipment,our personal luggage, and we hadone more interview to do.As I was leaving, I just turnedaround and with the zapper justlocked the door.[ ♪♪ ]>> Charslie: A witness tellsthem soon after they left, a manapproached the van and circledit.The man opened the van, noproblem, as if he had a key.And within minutes, emptied it.>> And me and the cameraman, weopened the trunk.When he opened the trunk,I couldn't believe that thematerial, the equipment wasn'tthere anymore.It was like a dream.You know? I went foggy.It took me a few seconds torealize that everything wasgone.>> Charslie: This list showsthey lost about $30,000 inequipment and personal items.Did police have any theoriesabout what may have happened?>> When the patrol car came, ohyeah, yeah, they probably stoleyour -- the wavelengths orwhatever.I said, what are you talkingabout?I had never heard of this.They said yeah, happens all thetime, where they can grab yoursignal when you're trying tolock the car and after that,they just open it.>> Charslie: This is somethingthat happened in California.>> That was easier than Ithought.>> Charslie: Were you surprisedit's that easy?>> That's amazing.No hesitation.Just poof, open the door.>> Charslie: Had these suspectsalso captured signals using themhere to unlock these cars?Police aren't sure.The internet, though, is filledwith theories, products andvideos that claim to know thetrick.Scanners, jammers and amplifiersthat interfere with the unlockcode your fob sends to your car.But does any of this stuffreally work?[ ♪♪ ]>> Charslie: We're inCalifornia. [ ♪♪ ]>> Charslie: The car theftcapital of the U.S.[ ♪♪ ]>> Charslie: To meet a guy whosays he can prove it's possible.Samy Kamkar has a very niceride.He hasn't, though, always donevery nice things.He once created the fastestspreading computer virus of alltime.We've hired Samy to show us howhe can get around car security.[ ♪♪ ]>> Charslie: And to see if hecan pop the locks on this 2016Cadillac SRX.So Sammy, what is that?>> So, this is a device I callroll jam.It's proof of concept that I'vecreated that demonstrates someof the insecurities withvehicles today.It gives me the ability tounlock a car when it reallyshouldn't be unlocking.>> Charslie: What motivated youto come up with this?>> Cars are now pretty muchjust computers on wheels.So like a computer, they'revulnerable to various types ofattacks.So just interested in what arethe attacks that are possibletoday?>> Charslie: Samy is known as awhite hat hacker.He tries to expose flaws insecurity systems before the badguys do.>> We'll place a smaller versionthat basically interferes withthe signal on the vehicle.>> Charslie: Can his device hackhis way through the latestantitheft features?>> And this device, this is whatpicks up the signal.[ ♪♪ ]>> Charslie: First he needs tofigure out the car's frequenciesand program the device.After about half an hour, timeto put this hacker to the test.>> Hit unlock.Try a few times.Cool.So I'm basically taking thatsignal.So now that signal is programmedin here.I can disable this.And when I want, I can go up tothe car and I can unlock it.So currently we see it's locked.>> Charslie: Yeah.Can't get in.>> And then...Just using this.>> Charslie: A device that costsjust 30 bucks to build.[ Laughter ]>> Get in. All of the cars that are outbasically use the sametechnology.We've known about it for years,and we've all thought it's beenrelatively secure.But, unfortunately, pretty muchall vehicles have this samedefect.>> Gill: Face-to-face with thehead of cybersecurity at GM.>> Charslie: When you see this,do you get nervous?>> I get nervous any timeresearchers show anything.>> Gill: Shifting into the fastlane.This is your "Marketplace".[ ♪♪ ]>> You'll need to put this on.>> Charslie: Just in case.>> Just in case.>> Gill: Detective Paul LaSalleis taking us to a crime scene aswe dig deeper into the world ofelectronic car theft.[ ♪♪ ]>> Gill: You've already seen howbad guys unlock your doors andsteal stuff using high-techdevices.Now we're about to show you howthey unlock your engine to makeoff with your entire car.>> Going into North York.There's been a number ofoccasions when stolen cars havebeen at this warehouse.>> Charslie: LaSalle works forYork Regional Police just northof Toronto.In the past two years his autotheft squad has seen a rise inelectronic car theft.>> There's a place, so what we'll do, we'll just park righthere and you can shoot throughthe side window if you want.There's some containers there.>> Charslie: Cars stolen usingthose electronic devices, youfound some in containers justlike this.>> Just like this.>> Charslie: More than oncepolice have uncovered stolencars here ready to be shippedoverseas.>> Nissan Quest.>> Charslie: The containerssometimes hold as many as fourvehicles.Often with older cars in front,hiding newer models destined forcountries like Nigeria.So it sounds like some ofthe thieves have caught upto technology.>> Absolutely.>> Charslie: The technicalsecurity elements.>> Absolutely.If there's profit, people aregoing to put the effort in to doit right.So is it getting easier?For some, it is.Because they've got thetechnology to do it.>> Charslie: Technology that'sat work in this homesurveillance video LaSallegave us.One thief enters the SUV throughthe back door and lets the otherone in the front.[ ♪♪ ]>> Gill: That thief is holdingsome kind of electronicdevice.It isn't long before he's got itstarted, and it's another carstolen.>> Basically they're gettinginto the brains of the car andgetting the car to learn a newkey.So the key that they bring tothe scene simply after an amountof time that they need toreprogram it, simply justdriving away.>> Charslie: You have actuallygot your hands on some of theseelectronic devices?>> Yep.>> Charslie: Do you want to showus some?>> Uh, no.[ ♪♪ ]>> Charslie: He won't show us.So we go looking for some ofthose devices ourselves down theroad in Oakville, Ontario.We've heard thieves are usingtools meant for legitimatelocksmiths.Guys like Nic MacKay who'sagreed to show us how they work.Hey, Nic.>> How's it going?>> Charslie: Great to meet you.Thanks for helping us out.So, your challenge, these keysare going to stay in my pocket.You got to get in this car, getit going, get outta here.>> Sounds good.>> Charslie: All right. Show ushow it's done.I lock the doors while Nic getshis equipment.Nothing fancy.To get into the car.The big challenge is to get thecar going.Ooh.What is that?>> This is the MBB Pro.It's a key programmer.>> Charslie: This key programmerallows Nic to talk to the car'scomputer.So I've got the keys, Nic.What are you going to do?>> I have an unprogrammed key.Same thing.See, it doesn't work the car atall.I'm going to basically tell thecar to accept this as a new key.>> Charslie: It's the samemethod thieves are using.Plug the programmer into thecar's diagnostic port, find theright make and model, and resetthe car's immobilizer.>> The immobilizer is what stopsanyone from just coming in withany key, starting it up andgoing away.>> Charslie: Nic's keyprogrammer cost thousands,but there are plenty of cheaperknockoffs on sites like eBaythat claim to work the same way.Do you think this kind of stuffcould work?>> Yes.Absolutely.It's actually reallydisappointing that they'reselling this stuff on eBay,because eBay won't even selllock picks as they areclassified as burglary tools.Anyone who is on the internetbuying key programming softwareon eBay, more than likelynot legitimate.>> Charslie: eBay tells usselling key programmers couldviolate their policies.They remove the listings weshowed them and will investigateothers.After about 15 minutes, the caris ready for a new key.>> Going to add this one in.Still in its packaging.>> Charslie: Not all fobs workthe same, but they can all bereprogrammed like this.>> I'm going to put this key uphere.You're going to hear a littlechirp, and this key is tied toit.There we go.Just like that.>> Charslie: That's it.Key programmed.>> Yep.>> Charslie: You can start thiscar?>> Absolutely.>> Charslie: Prove it.Get outta here.[ ♪♪ ]>> Charslie: Now that cars arecrammed with so muchelectronics...Car companies are in a race tokeep them secure from thieves.>> It's a big catchup game.What needs to be done is theyneed to get on top of it quick.>> Charslie: And from hackers.>> Hopefully this will alertmanufacturers to actuallyresolve this issue now that weunderstand more aboutpotentially what those attackerswere doing.[ ♪♪ ]>> Charslie: It was a GM carthat Samy hacked.So we're crossing into Detroitto find out what General Motorsthinks about it.Jeff Massimilla is head ofcybersecurity for GM.He says he wants to hear fromthe hackers.So we show him Samy's work.>> Can't get in.>> And then...I just use this.>> I guess what I would say is Iwould love to work with Samymore on this.The idea of that attack ispretty interesting.Maybe not a real-world type ofactivity, but could be appliedin a real-world way which is whywe need to get out in front ofthat stuff.>> Charslie: When you see this,do you get nervous?>> I get nervous any timeresearchers show anything.Researchers are very smart.In cybersecurity it's a veryinteresting thing.Cybersecurity experts have to beright a hundred percent of thetime.Researchers or attackers have tobe right once.It's a challenge every industryfaces.>> Charslie: One of the policeofficer we had worked with, hewas telling us if thieves canfigure out a way to make moneystealing cars, they're going todo it pretty quick.The automotive industry in orderto fix it, it's going to costthem money so it could take thema little longer.What do you make of that?>> Safety and security of ourcustomers are the highestpriority.This is top of mind for GeneralMotors.So I don't agree with thatstatement at the most principledlevel from our perspective ofthe safety and security of ourcustomers is our highestpriority.>> Charslie: GM is the first bigcar company to openly invitehackers to find flaws in itsvehicles.Massimilla says they've alreadyfixed some things as a result.How worried should car owners beabout the threat ofcyberattacks?>> Car owners should know thattheir vehicles are safe.That's the number one mostimportant thing.And absolutely everything likethis, anything that we see, welearn more about it and weaddress it.[ ♪♪ ]>> Charslie: If you're notconvinced, there are steps youcan take in the meantime.And none of them are thathigh-tech.Like a lock for your steeringwheel, and a lock for yourdiagnostic port.Anything that will slow a thiefdown.>> Time is risk.And risk is something they don'twant to do.>> Charslie: And, even better,listen to some guys who havebeen there.So, what lesson did you learnfrom that?>> Can we show you?>> Charslie: Sure.Show me.>> You want to lock your car,you press that magic button.>> Press the button.No more signal.>> And you close the door.>> Just like that. Never again with the fob.>> Gill: Learn how to outsmartcar thieves and share your tipsat facebook.com/cbcmarketplace.

High-tech car theft: How to hack a car (CBC Marketplace)

We go on the hunt for the mysterious device police believe those thieves are using to steal your car. To read more: www.cbc.ca/marketplace/episodes/2015-2016/car-theft »»» Subscribe to CBC News to watch more videos: www.youtube.com/user/cbcnews Connect with CBC News Online: For breaking news, video, audio and in-depth coverage: www.cbcnews.ca Find CBC News on Facebook: www.facebook.com/cbcnews Follow CBC News on Twitter: twitter.com/cbcnews For breaking news on Twitter: twitter.com/CBCAlerts Follow CBC News on Google+: plus.google.com/+CBCNews/posts Follow CBC News on Instagram: instagram.com/cbcnews Follow CBC News on Pinterest: www.pinterest.com/cbcnews// Follow CBC News on Tumblr: cbcnews.tumblr.com »»»»»»»»»»»»»»»»»» For more than 75 years, CBC News has been the source Canadians turn to, to keep them informed about their communities, their country and their world. Through regional and national programming on multiple platforms, including CBC Television, CBC News Network, CBC Radio, CBCNews.ca, mobile and on-demand, CBC News and its internationally recognized team of award-winning journalists deliver the breaking stories, the issues, the analyses and the personalities that matter to Canadians.
cbc marketplace, hackers, news, car hacking, public broadcasting, Canadian Broadcasting Corportation (TV network), hacking, CBCNews, car theft, CBC broadcasting media, CBC News, marketplace cbc, police, thieves, cars, publishing, marketplace, Canadian News, CBC News Network,
< ?xml version="1.0" encoding="utf-8" ?><>

< start="0.466" dur="5.072">>> Charslie: We are in the>

< start="1.367" dur="5.772">middle of a mystery...>

< start="5.638" dur="3.67">Trying to track down a device>

< start="7.239" dur="4.238">that could be making these cars,>

< start="9.408" dur="5.406">and yours, open to attack by>

< start="11.577" dur="3.237">thieves.>

< start="16.248" dur="3.504">Our search for that device is>

< start="17.75" dur="5.506">about to uncover a surprising>

< start="19.852" dur="3.404">new world of cars and crime.>

< start="24.19" dur="3.27">Watch this home security video.>

< start="26.225" dur="3.103">It's the middle of the night in>

< start="27.56" dur="3.637">Long Beach, California.>

< start="29.428" dur="4.805">Two suspects approach two cars>

< start="31.297" dur="4.137">parked in someone's driveway.>

< start="34.333" dur="3.237">With little effort, the first>

< start="35.534" dur="5.24">man opens the first vehicle and>

< start="37.67" dur="3.104">in he goes.>

< start="41.574" dur="3.003">The second man approaches the>

< start="42.875" dur="4.238">other vehicle, and with a slight>

< start="44.677" dur="3.904">pause, he too is in.>

< start="47.213" dur="2.802">He seems to have something in>

< start="48.681" dur="2.502">his hand.>

< start="50.115" dur="3.038">Could that be the mystery>

< start="51.283" dur="1.87">device?>

< start="56.622" dur="2.336">>> Long Beach police department>

< start="57.556" dur="3.37">is baffled by a series of>

< start="59.058" dur="3.27">high-tech auto thefts.>

< start="61.026" dur="2.703">>> Charslie: Across the>

< start="62.428" dur="2.836">continent.>

< start="63.829" dur="2.803">>> NBC 5 has learned of a new>

< start="65.364" dur="2.369">way thieves are breaking into>

< start="66.732" dur="2.102">your cars.>

< start="67.833" dur="2.903">>> Charslie: The same scenario>

< start="68.934" dur="3.204">and the same results.>

< start="70.836" dur="2.403">>> It is crime catching on here>

< start="72.238" dur="2.502">in Winnipeg.>

< start="73.339" dur="2.669">And we have video of it.>

< start="74.84" dur="2.703">>> Charslie: It's like they have>

< start="76.108" dur="2.569">their own keys.>

< start="77.643" dur="2.002">>> One guy has something in his>

< start="78.777" dur="1.702">hand.>

< start="79.745" dur="1.535">Then he walks over to the>

< start="80.579" dur="2.703">Toyota.>

< start="81.38" dur="2.703">And, bingo, it opens.>

< start="83.382" dur="2.703">>> Charslie: So, how do they do>

< start="84.183" dur="5.138">it? >

< start="86.185" dur="4.037">[ ♪♪ ]>

< start="89.421" dur="3.537">>> Charslie: Our trail leads>

< start="90.322" dur="4.338">us to Washington.>

< start="93.058" dur="3.037">And to some victims of car>

< start="94.76" dur="2.369">theft -->

< start="96.195" dur="2.135">>> Show time.>

< start="97.229" dur="3.07">>> Charslie: Who happen to be>

< start="98.43" dur="5.039">two of our very own colleagues.>

< start="100.399" dur="4.104">[ Speaking in French >

< start="103.569" dur="2.569">>> Charslie: Christian Latrielle>

< start="104.603" dur="3.304">and Marcel Calfat work for>

< start="106.238" dur="3.07">Radio-Canada, the French side>

< start="108.007" dur="3.436">of CBC.>

< start="109.408" dur="3.771">They were on assignment when>

< start="111.543" dur="4.171">they found themselves in the>

< start="113.279" dur="3.57">middle of a crime story.>

< start="115.814" dur="3.037">So take me back.>

< start="116.949" dur="2.869">What was happening that day?>

< start="118.951" dur="1.768">>> It was the last day of our>

< start="119.918" dur="1.802">shoot.>

< start="120.819" dur="2.436">So we had checked out of the>

< start="121.82" dur="2.737">hotel, packed the van with>

< start="123.355" dur="3.337">everything, all our equipment,>

< start="124.657" dur="3.77">our personal luggage, and we had>

< start="126.792" dur="3.303">one more interview to do.>

< start="128.527" dur="5.406">As I was leaving, I just turned>

< start="130.195" dur="6.474">around and with the zapper just>

< start="134.033" dur="2.636">locked the door.>

< start="137.269" dur="2.67">[ ♪♪ ]>

< start="139.171" dur="2.903">>> Charslie: A witness tells>

< start="140.039" dur="3.67">them soon after they left, a man>

< start="142.174" dur="3.537">approached the van and circled>

< start="143.809" dur="3.737">it.>

< start="145.811" dur="5.672">The man opened the van, no>

< start="147.646" dur="7.474">problem, as if he had a key.>

< start="151.583" dur="4.739">And within minutes, emptied it.>

< start="155.22" dur="2.97">>> And me and the cameraman, we>

< start="156.422" dur="3.67">opened the trunk.>

< start="158.29" dur="5.572">When he opened the trunk,>

< start="160.192" dur="5.773">I couldn't believe that the>

< start="163.962" dur="3.037">material, the equipment wasn't>

< start="166.065" dur="2.502">there anymore.>

< start="167.099" dur="4.605">It was like a dream.>

< start="168.667" dur="4.171">You know? I went foggy.>

< start="171.804" dur="2.569">It took me a few seconds to>

< start="172.938" dur="3.704">realize that everything was>

< start="174.473" dur="3.437">gone.>

< start="176.742" dur="3.504">>> Charslie: This list shows>

< start="178.01" dur="5.272">they lost about $30,000 in>

< start="180.346" dur="4.971">equipment and personal items.>

< start="183.382" dur="3.871">Did police have any theories>

< start="185.417" dur="4.405">about what may have happened?>

< start="187.353" dur="4.137">>> When the patrol car came, oh>

< start="189.922" dur="3.97">yeah, yeah, they probably stole>

< start="191.59" dur="3.737">your -- the wavelengths or>

< start="193.992" dur="2.136">whatever.>

< start="195.427" dur="1.468">I said, what are you talking>

< start="196.228" dur="2.236">about?>

< start="196.995" dur="2.77">I had never heard of this.>

< start="198.564" dur="3.37">They said yeah, happens all the>

< start="199.865" dur="3.27">time, where they can grab your>

< start="202.034" dur="3.303">signal when you're trying to>

< start="203.235" dur="3.871">lock the car and after that,>

< start="205.437" dur="4.038">they just open it.>

< start="207.206" dur="5.972">>> Charslie: This is something>

< start="209.575" dur="4.538">that happened in California.>

< start="213.278" dur="2.803">>> That was easier than I>

< start="214.213" dur="2.836">thought.>

< start="216.181" dur="1.735">>> Charslie: Were you surprised>

< start="217.149" dur="1.602">it's that easy?>

< start="218.016" dur="2.236">>> That's amazing.>

< start="218.851" dur="3.703">No hesitation.>

< start="220.352" dur="3.304">Just poof, open the door.>

< start="222.654" dur="3.504">>> Charslie: Had these suspects>

< start="223.756" dur="5.171">also captured signals using them>

< start="226.258" dur="5.64">here to unlock these cars?>

< start="229.027" dur="2.871">Police aren't sure.>

< start="233.198" dur="3.637">The internet, though, is filled>

< start="235.033" dur="3.804">with theories, products and>

< start="236.935" dur="4.071">videos that claim to know the>

< start="238.937" dur="5.239">trick.>

< start="241.106" dur="4.905">Scanners, jammers and amplifiers>

< start="244.276" dur="4.538">that interfere with the unlock>

< start="246.111" dur="4.271">code your fob sends to your car.>

< start="248.914" dur="3.538">But does any of this stuff>

< start="250.482" dur="1.97">really work?>

< start="253.318" dur="2.703">[ ♪♪ ]>

< start="255.22" dur="2.771">>> Charslie: We're in>

< start="256.121" dur="1.87">California. >

< start="258.323" dur="1.902">[ ♪♪ ]>

< start="259.358" dur="2.637">>> Charslie: The car theft>

< start="260.325" dur="1.67">capital of the U.S.>

< start="262.561" dur="2.136">[ ♪♪ ]>

< start="263.695" dur="3.538">>> Charslie: To meet a guy who>

< start="264.797" dur="2.436">says he can prove it's possible.>

< start="268.934" dur="3.937">Samy Kamkar has a very nice>

< start="270.502" dur="3.637">ride.>

< start="272.971" dur="4.271">He hasn't, though, always done>

< start="274.239" dur="4.271">very nice things.>

< start="277.342" dur="3.537">He once created the fastest>

< start="278.61" dur="4.906">spreading computer virus of all>

< start="280.979" dur="2.537">time.>

< start="284.516" dur="4.706">We've hired Samy to show us how>

< start="286.218" dur="3.004">he can get around car security.>

< start="289.888" dur="3.471">[ ♪♪ ]>

< start="292.124" dur="3.036">>> Charslie: And to see if he>

< start="293.459" dur="4.271">can pop the locks on this 2016>

< start="295.26" dur="4.138">Cadillac SRX.>

< start="297.83" dur="2.869">So Sammy, what is that?>

< start="299.498" dur="2.302">>> So, this is a device I call>

< start="300.799" dur="2.169">roll jam.>

< start="301.9" dur="2.236">It's proof of concept that I've>

< start="303.068" dur="2.102">created that demonstrates some>

< start="304.236" dur="2.269">of the insecurities with>

< start="305.27" dur="3.003">vehicles today.>

< start="306.605" dur="4.371">It gives me the ability to>

< start="308.373" dur="4.071">unlock a car when it really>

< start="311.076" dur="2.436">shouldn't be unlocking.>

< start="312.544" dur="2.369">>> Charslie: What motivated you>

< start="313.612" dur="2.402">to come up with this?>

< start="315.013" dur="2.703">>> Cars are now pretty much>

< start="316.114" dur="3.004">just computers on wheels.>

< start="317.816" dur="2.603">So like a computer, they're>

< start="319.218" dur="2.202">vulnerable to various types of>

< start="320.519" dur="2.502">attacks.>

< start="321.52" dur="3.07">So just interested in what are>

< start="323.121" dur="3.204">the attacks that are possible>

< start="324.69" dur="2.669">today?>

< start="326.425" dur="2.235">>> Charslie: Samy is known as a>

< start="327.459" dur="2.87">white hat hacker.>

< start="328.76" dur="3.137">He tries to expose flaws in>

< start="330.429" dur="3.603">security systems before the bad>

< start="331.997" dur="3.37">guys do.>

< start="334.132" dur="2.97">>> We'll place a smaller version>

< start="335.467" dur="4.638">that basically interferes with>

< start="337.202" dur="4.171">the signal on the vehicle.>

< start="340.205" dur="2.703">>> Charslie: Can his device hack>

< start="341.473" dur="4.638">his way through the latest>

< start="343.008" dur="5.205">antitheft features?>

< start="346.211" dur="3.972">>> And this device, this is what>

< start="348.313" dur="1.87">picks up the signal.>

< start="350.716" dur="2.269">[ ♪♪ ]>

< start="352.117" dur="2.703">>> Charslie: First he needs to>

< start="353.085" dur="3.871">figure out the car's frequencies>

< start="354.92" dur="2.036">and program the device.>

< start="357.99" dur="4.304">After about half an hour, time>

< start="359.625" dur="4.037">to put this hacker to the test.>

< start="362.394" dur="2.836">>> Hit unlock.>

< start="363.762" dur="2.503">Try a few times.>

< start="365.33" dur="1.735">Cool.>

< start="366.365" dur="2.702">So I'm basically taking that>

< start="367.165" dur="3.271">signal.>

< start="369.167" dur="2.637">So now that signal is programmed>

< start="370.536" dur="3.77">in here.>

< start="371.904" dur="4.271">I can disable this.>

< start="374.406" dur="4.605">And when I want, I can go up to>

< start="376.275" dur="6.873">the car and I can unlock it.>

< start="379.111" dur="4.838">So currently we see it's locked.>

< start="383.248" dur="1.602">>> Charslie: Yeah.>

< start="384.049" dur="3.47">Can't get in.>

< start="384.95" dur="4.438">>> And then...>

< start="387.619" dur="3.037">Just using this.>

< start="389.488" dur="3.337">>> Charslie: A device that costs>

< start="390.756" dur="4.204">just 30 bucks to build.>

< start="392.925" dur="4.939">[ Laughter ]>

< start="395.06" dur="2.804">>> Get in.>

< start="398.564" dur="2.302"> All of the cars that are out>

< start="399.965" dur="1.869">basically use the same>

< start="400.966" dur="2.569">technology.>

< start="401.934" dur="3.003">We've known about it for years,>

< start="403.635" dur="3.07">and we've all thought it's been>

< start="405.037" dur="3.837">relatively secure.>

< start="406.805" dur="3.237">But, unfortunately, pretty much>

< start="408.974" dur="3.037">all vehicles have this same>

< start="410.142" dur="1.869">defect.>

< start="413.579" dur="3.87">>> Gill: Face-to-face with the>

< start="414.646" dur="4.071">head of cybersecurity at GM.>

< start="417.549" dur="2.202">>> Charslie: When you see this,>

< start="418.817" dur="1.869">do you get nervous?>

< start="419.851" dur="3.104">>> I get nervous any time>

< start="420.786" dur="2.169">researchers show anything.>

< start="423.655" dur="2.636">>> Gill: Shifting into the fast>

< start="425.39" dur="3.171">lane.>

< start="426.391" dur="2.17">This is your "Marketplace".>

< start="429.428" dur="4.037">[ ♪♪ ]>

< start="431.997" dur="2.536">>> You'll need to put this on.>

< start="433.565" dur="2.369">>> Charslie: Just in case.>

< start="434.633" dur="2.336">>> Just in case.>

< start="436.034" dur="3.437">>> Gill: Detective Paul LaSalle>

< start="437.069" dur="4.538">is taking us to a crime scene as>

< start="439.571" dur="4.372">we dig deeper into the world of>

< start="441.707" dur="2.236">electronic car theft.>

< start="444.81" dur="5.205">[ ♪♪ ]>

< start="449.081" dur="2.836">>> Gill: You've already seen how>

< start="450.115" dur="3.504">bad guys unlock your doors and>

< start="452.017" dur="3.07">steal stuff using high-tech>

< start="453.719" dur="3.103">devices.>

< start="455.187" dur="3.57">Now we're about to show you how>

< start="456.922" dur="4.204">they unlock your engine to make>

< start="458.857" dur="4.071">off with your entire car.>

< start="461.226" dur="2.703">>> Going into North York.>

< start="463.028" dur="2.87">There's been a number of>

< start="464.029" dur="3.604">occasions when stolen cars have>

< start="465.998" dur="2.802">been at this warehouse.>

< start="467.733" dur="2.636">>> Charslie: LaSalle works for>

< start="468.9" dur="2.57">York Regional Police just north>

< start="470.469" dur="2.702">of Toronto.>

< start="471.57" dur="3.136">In the past two years his auto>

< start="473.271" dur="3.704">theft squad has seen a rise in>

< start="474.806" dur="3.104">electronic car theft.>

< start="477.075" dur="2.303">>> There's a place, so what >

< start="478.01" dur="3.069">we'll do, we'll just park right>

< start="479.478" dur="3.136">here and you can shoot through>

< start="481.179" dur="3.204">the side window if you want.>

< start="482.714" dur="2.837">There's some containers there.>

< start="484.483" dur="2.536">>> Charslie: Cars stolen using>

< start="485.651" dur="2.903">those electronic devices, you>

< start="487.119" dur="2.702">found some in containers just>

< start="488.654" dur="2.535">like this.>

< start="489.921" dur="2.57">>> Just like this.>

< start="491.289" dur="2.603">>> Charslie: More than once>

< start="492.591" dur="3.136">police have uncovered stolen>

< start="493.992" dur="3.604">cars here ready to be shipped>

< start="495.827" dur="3.671">overseas.>

< start="497.696" dur="2.836">>> Nissan Quest.>

< start="499.598" dur="2.369">>> Charslie: The containers>

< start="500.632" dur="2.569">sometimes hold as many as four>

< start="502.067" dur="3.437">vehicles.>

< start="503.301" dur="4.071">Often with older cars in front,>

< start="505.604" dur="4.237">hiding newer models destined for>

< start="507.472" dur="3.804">countries like Nigeria.>

< start="509.941" dur="3.604">So it sounds like some of>

< start="511.376" dur="3.537">the thieves have caught up>

< start="513.645" dur="2.136">to technology.>

< start="515.013" dur="1.735">>> Absolutely.>

< start="515.881" dur="1.535">>> Charslie: The technical>

< start="516.848" dur="1.368">security elements.>

< start="517.516" dur="2.402">>> Absolutely.>

< start="518.316" dur="3.204">If there's profit, people are>

< start="520.018" dur="2.636">going to put the effort in to do>

< start="521.62" dur="3.704">it right.>

< start="522.754" dur="4.305">So is it getting easier?>

< start="525.424" dur="2.602">For some, it is.>

< start="527.159" dur="3.404">Because they've got the>

< start="528.126" dur="2.437">technology to do it.>

< start="531.797" dur="2.669">>> Charslie: Technology that's>

< start="532.864" dur="3.037">at work in this home>

< start="534.566" dur="3.838">surveillance video LaSalle>

< start="536.001" dur="2.403">gave us.>

< start="539.371" dur="4.071">One thief enters the SUV through>

< start="541.339" dur="4.272">the back door and lets the other>

< start="543.542" dur="2.069">one in the front.>

< start="546.344" dur="3.07">[ ♪♪ ]>

< start="548.513" dur="2.503">>> Gill: That thief is holding>

< start="549.514" dur="2.97">some kind of electronic>

< start="551.116" dur="2.569">device.>

< start="552.584" dur="3.67">It isn't long before he's got it>

< start="553.785" dur="4.506">started, and it's another car>

< start="556.354" dur="1.937">stolen.>

< start="560.459" dur="3.837">>> Basically they're getting>

< start="561.66" dur="3.704">into the brains of the car and>

< start="564.396" dur="2.269">getting the car to learn a new>

< start="565.464" dur="3.436">key.>

< start="566.765" dur="5.205">So the key that they bring to>

< start="569" dur="4.972">the scene simply after an amount>

< start="572.07" dur="3.604">of time that they need to>

< start="574.072" dur="2.803">reprogram it, simply just>

< start="575.774" dur="2.903">driving away.>

< start="576.975" dur="2.836">>> Charslie: You have actually>

< start="578.777" dur="2.302">got your hands on some of these>

< start="579.911" dur="2.136">electronic devices?>

< start="581.179" dur="1.836">>> Yep.>

< start="582.147" dur="1.635">>> Charslie: Do you want to show>

< start="583.115" dur="2.636">us some?>

< start="583.882" dur="1.869">>> Uh, no.>

< start="586.051" dur="3.37">[ ♪♪ ]>

< start="588.22" dur="2.602">>> Charslie: He won't show us.>

< start="589.521" dur="4.204">So we go looking for some of>

< start="590.922" dur="5.874">those devices ourselves down the>

< start="593.825" dur="2.971">road in Oakville, Ontario.>

< start="597.562" dur="2.837">We've heard thieves are using>

< start="598.964" dur="4.237">tools meant for legitimate>

< start="600.499" dur="4.638">locksmiths.>

< start="603.301" dur="4.139">Guys like Nic MacKay who's>

< start="605.237" dur="2.203">agreed to show us how they work.>

< start="608.273" dur="1.602">Hey, Nic.>

< start="609.141" dur="1.601">>> How's it going?>

< start="609.975" dur="2.436">>> Charslie: Great to meet you.>

< start="610.842" dur="4.338">Thanks for helping us out.>

< start="612.511" dur="4.905">So, your challenge, these keys>

< start="615.28" dur="3.404">are going to stay in my pocket.>

< start="617.516" dur="3.036">You got to get in this car, get>

< start="618.784" dur="2.702">it going, get outta here.>

< start="620.652" dur="1.869">>> Sounds good.>

< start="621.586" dur="2.904">>> Charslie: All right. Show us>

< start="622.621" dur="1.869">how it's done.>

< start="625.891" dur="3.336">I lock the doors while Nic gets>

< start="627.626" dur="2.702">his equipment.>

< start="629.327" dur="3.271">Nothing fancy.>

< start="630.428" dur="2.17">To get into the car.>

< start="633.431" dur="3.204">The big challenge is to get the>

< start="634.866" dur="2.803">car going.>

< start="636.735" dur="2.135">Ooh.>

< start="637.769" dur="2.803">What is that?>

< start="638.97" dur="4.772">>> This is the MBB Pro.>

< start="640.672" dur="4.371">It's a key programmer.>

< start="643.842" dur="2.803">>> Charslie: This key programmer>

< start="645.143" dur="2.736">allows Nic to talk to the car's>

< start="646.745" dur="3.437">computer.>

< start="647.979" dur="3.37">So I've got the keys, Nic.>

< start="650.282" dur="4.037">What are you going to do?>

< start="651.449" dur="4.472">>> I have an unprogrammed key.>

< start="654.419" dur="2.703">Same thing.>

< start="656.021" dur="3.136">See, it doesn't work the car at>

< start="657.222" dur="2.903">all.>

< start="659.257" dur="4.606">I'm going to basically tell the>

< start="660.225" dur="3.638">car to accept this as a new key.>

< start="665.597" dur="3.438">>> Charslie: It's the same>

< start="666.531" dur="2.504">method thieves are using.>

< start="669.734" dur="3.137">Plug the programmer into the>

< start="670.735" dur="4.305">car's diagnostic port, find the>

< start="672.971" dur="4.371">right make and model, and reset>

< start="675.14" dur="3.303">the car's immobilizer.>

< start="677.442" dur="2.403">>> The immobilizer is what stops>

< start="678.543" dur="2.803">anyone from just coming in with>

< start="679.945" dur="3.104">any key, starting it up and>

< start="681.446" dur="1.603">going away.>

< start="683.949" dur="2.636">>> Charslie: Nic's key>

< start="685.183" dur="2.77">programmer cost thousands,>

< start="686.685" dur="4.471">but there are plenty of cheaper>

< start="688.053" dur="5.906">knockoffs on sites like eBay>

< start="691.256" dur="3.871">that claim to work the same way.>

< start="694.059" dur="3.637">Do you think this kind of stuff>

< start="695.227" dur="3.303">could work?>

< start="697.796" dur="1.568">>> Yes.>

< start="698.63" dur="1.735">Absolutely.>

< start="699.464" dur="1.802">It's actually really>

< start="700.465" dur="2.269">disappointing that they're>

< start="701.366" dur="3.036">selling this stuff on eBay,>

< start="702.834" dur="2.77">because eBay won't even sell>

< start="704.502" dur="3.204">lock picks as they are>

< start="705.704" dur="3.537">classified as burglary tools.>

< start="707.806" dur="2.869">Anyone who is on the internet>

< start="709.341" dur="4.271">buying key programming software>

< start="710.775" dur="4.94">on eBay, more than likely>

< start="713.712" dur="2.003">not legitimate.>

< start="716.448" dur="1.835">>> Charslie: eBay tells us>

< start="717.315" dur="2.77">selling key programmers could>

< start="718.383" dur="2.936">violate their policies.>

< start="720.185" dur="2.536">They remove the listings we>

< start="721.419" dur="3.505">showed them and will investigate>

< start="722.821" dur="2.103">others.>

< start="725.857" dur="4.038">After about 15 minutes, the car>

< start="727.492" dur="4.004">is ready for a new key.>

< start="729.995" dur="3.136">>> Going to add this one in.>

< start="731.596" dur="2.603">Still in its packaging.>

< start="733.231" dur="2.803">>> Charslie: Not all fobs work>

< start="734.299" dur="4.371">the same, but they can all be>

< start="736.134" dur="3.537">reprogrammed like this.>

< start="738.77" dur="1.702">>> I'm going to put this key up>

< start="739.771" dur="1.568">here.>

< start="740.572" dur="1.602">You're going to hear a little>

< start="741.439" dur="3.237">chirp, and this key is tied to>

< start="742.274" dur="3.169">it.>

< start="744.776" dur="1.602">There we go.>

< start="745.543" dur="1.636">Just like that.>

< start="746.478" dur="2.002">>> Charslie: That's it.>

< start="747.279" dur="2.569">Key programmed.>

< start="748.58" dur="2.336">>> Yep.>

< start="749.948" dur="1.735">>> Charslie: You can start this>

< start="751.016" dur="1.401">car?>

< start="751.783" dur="1.468">>> Absolutely.>

< start="752.517" dur="2.803">>> Charslie: Prove it.>

< start="753.351" dur="3.137">Get outta here.>

< start="755.42" dur="2.136">[ ♪♪ ]>

< start="756.588" dur="2.135">>> Charslie: Now that cars are>

< start="757.656" dur="3.937">crammed with so much>

< start="758.823" dur="4.238">electronics...>

< start="761.693" dur="4.471">Car companies are in a race to>

< start="763.161" dur="4.538">keep them secure from thieves.>

< start="766.264" dur="3.37">>> It's a big catchup game.>

< start="767.799" dur="3.771">What needs to be done is they>

< start="769.734" dur="3.471">need to get on top of it quick.>

< start="771.67" dur="2.936">>> Charslie: And from hackers.>

< start="773.305" dur="2.536">>> Hopefully this will alert>

< start="774.706" dur="2.302">manufacturers to actually>

< start="775.941" dur="2.168">resolve this issue now that we>

< start="777.108" dur="2.369">understand more about>

< start="778.209" dur="3.238">potentially what those attackers>

< start="779.577" dur="1.87">were doing.>

< start="781.846" dur="2.169">[ ♪♪ ]>

< start="783.248" dur="2.202">>> Charslie: It was a GM car>

< start="784.115" dur="3.304">that Samy hacked.>

< start="785.55" dur="3.27">So we're crossing into Detroit>

< start="787.519" dur="3.271">to find out what General Motors>

< start="788.92" dur="1.87">thinks about it.>

< start="792.057" dur="3.57">Jeff Massimilla is head of>

< start="793.525" dur="3.303">cybersecurity for GM.>

< start="795.727" dur="2.436">He says he wants to hear from>

< start="796.928" dur="5.839">the hackers.>

< start="798.263" dur="5.572">So we show him Samy's work.>

< start="802.867" dur="3.605">>> Can't get in.>

< start="803.935" dur="2.537">>> And then...>

< start="807.472" dur="2.136">I just use this.>

< start="808.773" dur="1.969">>> I guess what I would say is I>

< start="809.708" dur="1.968">would love to work with Samy>

< start="810.842" dur="1.869">more on this.>

< start="811.776" dur="2.136">The idea of that attack is>

< start="812.811" dur="3.036">pretty interesting.>

< start="814.012" dur="3.737">Maybe not a real-world type of>

< start="815.947" dur="3.37">activity, but could be applied>

< start="817.849" dur="2.903">in a real-world way which is why>

< start="819.417" dur="2.803">we need to get out in front of>

< start="820.852" dur="2.803">that stuff.>

< start="822.32" dur="2.87">>> Charslie: When you see this,>

< start="823.755" dur="3.303">do you get nervous?>

< start="825.29" dur="3.136">>> I get nervous any time>

< start="827.158" dur="3.237">researchers show anything.>

< start="828.526" dur="2.937">Researchers are very smart.>

< start="830.495" dur="1.969">In cybersecurity it's a very>

< start="831.563" dur="1.935">interesting thing.>

< start="832.564" dur="2.069">Cybersecurity experts have to be>

< start="833.598" dur="2.002">right a hundred percent of the>

< start="834.733" dur="1.801">time.>

< start="835.7" dur="2.336">Researchers or attackers have to>

< start="836.634" dur="3.004">be right once.>

< start="838.136" dur="2.636">It's a challenge every industry>

< start="839.738" dur="2.769">faces.>

< start="840.872" dur="2.736">>> Charslie: One of the police>

< start="842.607" dur="3.237">officer we had worked with, he>

< start="843.708" dur="3.637">was telling us if thieves can>

< start="845.944" dur="2.469">figure out a way to make money>

< start="847.445" dur="2.169">stealing cars, they're going to>

< start="848.513" dur="2.703">do it pretty quick.>

< start="849.714" dur="3.637">The automotive industry in order>

< start="851.316" dur="3.537">to fix it, it's going to cost>

< start="853.451" dur="3.838">them money so it could take them>

< start="854.953" dur="3.37">a little longer.>

< start="857.389" dur="1.868">What do you make of that?>

< start="858.423" dur="1.735">>> Safety and security of our>

< start="859.357" dur="1.602">customers are the highest>

< start="860.258" dur="1.735">priority.>

< start="861.059" dur="2.102">This is top of mind for General>

< start="862.093" dur="2.67">Motors.>

< start="863.261" dur="2.836">So I don't agree with that>

< start="864.863" dur="2.769">statement at the most principled>

< start="866.197" dur="2.403">level from our perspective of>

< start="867.732" dur="1.835">the safety and security of our>

< start="868.7" dur="2.135">customers is our highest>

< start="869.667" dur="2.336">priority.>

< start="870.935" dur="3.27">>> Charslie: GM is the first big>

< start="872.103" dur="3.704">car company to openly invite>

< start="874.305" dur="2.903">hackers to find flaws in its>

< start="875.907" dur="2.569">vehicles.>

< start="877.308" dur="3.738">Massimilla says they've already>

< start="878.576" dur="5.673">fixed some things as a result.>

< start="881.146" dur="4.704">How worried should car owners be>

< start="884.349" dur="3.87">about the threat of>

< start="885.95" dur="3.204">cyberattacks?>

< start="888.319" dur="2.269">>> Car owners should know that>

< start="889.254" dur="2.335">their vehicles are safe.>

< start="890.688" dur="2.069">That's the number one most>

< start="891.689" dur="3.304">important thing.>

< start="892.857" dur="4.572">And absolutely everything like>

< start="895.093" dur="3.637">this, anything that we see, we>

< start="897.529" dur="3.236">learn more about it and we>

< start="898.83" dur="4.505">address it.>

< start="900.865" dur="3.17">[ ♪♪ ]>

< start="903.435" dur="1.902">>> Charslie: If you're not>

< start="904.135" dur="3.47">convinced, there are steps you>

< start="905.437" dur="3.37">can take in the meantime.>

< start="907.705" dur="2.938">And none of them are that>

< start="908.907" dur="1.736">high-tech.>

< start="911.843" dur="3.003">Like a lock for your steering>

< start="912.911" dur="4.071">wheel, and a lock for your>

< start="914.946" dur="3.37">diagnostic port.>

< start="917.082" dur="2.435">Anything that will slow a thief>

< start="918.416" dur="2.403">down.>

< start="919.617" dur="2.269">>> Time is risk.>

< start="920.919" dur="1.935">And risk is something they don't>

< start="921.986" dur="1.902">want to do.>

< start="922.954" dur="2.302">>> Charslie: And, even better,>

< start="923.988" dur="2.47">listen to some guys who have>

< start="925.356" dur="3.504">been there.>

< start="926.558" dur="3.87">So, what lesson did you learn>

< start="928.96" dur="2.903">from that?>

< start="930.528" dur="2.102">>> Can we show you?>

< start="931.963" dur="3.537">>> Charslie: Sure.>

< start="932.73" dur="4.538">Show me.>

< start="935.6" dur="3.604">>> You want to lock your car,>

< start="937.368" dur="2.903">you press that magic button.>

< start="939.304" dur="1.935">>> Press the button.>

< start="940.371" dur="2.103">No more signal.>

< start="941.339" dur="2.569">>> And you close the door.>

< start="942.574" dur="3.604">>> Just like that. >

< start="944.008" dur="2.17">Never again with the fob.>

< start="946.945" dur="2.436">>> Gill: Learn how to outsmart>

< start="948.146" dur="4.205">car thieves and share your tips>

< start="949.481" dur="2.87">at facebook.com/cbcmarketplace.>