How are thieves using OnStar to steal Yukons?

[Yukon2828]

Hello,

My 2018 Yukon Denali was stolen In February. The police said there is a ring of thieves in the Dallas area targeting Yukons, Tahoes, and Sierras by compromising the OnStar system to gain control of the vehicle. Apparently they physically connect a device to the onstar port / module which allows them to unlock the doors, start the vehicle, and drive off without a key fob. They took mine in less than 3 minutes and there was no broken glass.

I’ve just purchased a 2022 Yukon SLT and I’m paranoid about it happening again. Does anyone know exactly how they compromise the OnStar unit? I think I read there is a port under the hood that can be accessed. If true I would look at adding a physical lock to the hood (even though it’s already “locked” with the hood release).

I’m also considering adding a kill switch In a hidden place. I believe this would prevent the engine from being started under any circumstances if the switch is off. It would take away my remote start capability but that’s a trade off I may have to make.

I looked at adding CompuStar but it’s not available for the 2022 Yukon. I even contacted ConpuStar and they said it should not be installed.

Finally, I’ve hidden two Apple AirTags in the vehicle, but I suspect thieves will be looking for those. Apple even released an Android app that will scan for them.

I’m just trying to think of anything I can do to secure my vehicle from these losers. I realize if they are committed they can take it, but I can make it more difficult.

Thanks for any input or advice.

 

[Doubeleive]

I think that is partly erroneous information, they can open the door with a slim jim, pop the hood, connect a ecm that has been security deleted, start and drive the vehicle away.
there is no "onstar port" there is a OBD port which is for diagnostics which could play some part in it.
that being said I haven't read of anything indicating a onstar hack, this would be the first.

 

[Yukon2828]

I think that is partly erroneous information, they can open the door with a slim jim, pop the hood, connect a ecm that has been security deleted, start and drive the vehicle away.
there is no "onstar port" there is a OBD port which is for diagnostics which could play some part in it.
that being said I haven't read of anything indicating a onstar hack, this would be the first.

Thanks. Not claiming that any of this is correct - just what I’ve heard. So maybe they’re not starting it with onstar, but they are definitely disabling it. At the time of the theft I received 3 different onstar emails at the same time saying my air bag, transmission, and engine needed servicing. I couldn’t connect from the onstar app and when I called onstar they were unable to connect to it or track the vehicle.

 

[Seamus]

There is a guy on the Duramax forum with surveillance video of the thieves doing this exact theft. They stole his 2021 Duramax HD using a laptop. What they are accessing? I dont know, it was alleged they catch your code when you use the remote to lock the truck?? They were in another car in the parking lot, and it showed them with a laptop and the lights in the truck going on when they unlocked it. Got in drove away. They quickly diabled the onstar and GPS. Very high tech these days. A simple steering wheel lock like the old day would have foiled this theft. This happened in a hotel parking lot. They stake out for your truck.

 

[Yukon2828]

There is a guy on the Duramax forum with surveillance video of the thieves doing this exact theft. They stole his 2021 Duramax HD using a laptop. What they are accessing? I dont know, it was alleged they catch your code when you use the remote to lock the truck?? They were in another car in the parking lot, and it showed them with a laptop and the lights in the truck going on when they unlocked it. Got in drove away. They quickly diabled the onstar and GPS. Very high tech these days. A simple steering wheel lock like the old day would have foiled this theft. This happened in a hotel parking lot. They stake out for your truck.

Interesting. Thanks for the info. I’ll try to find that video.

 

[Yukon2828]

I think that is partly erroneous information, they can open the door with a slim jim, pop the hood, connect a ecm that has been security deleted, start and drive the vehicle away.
there is no "onstar port" there is a OBD port which is for diagnostics which could play some part in it.
that being said I haven't read of anything indicating a onstar hack, this would be the first.

This video has a story about Onstar thefts in the area and mentions changing the computer under the hood, though it doesn’t specify that it’s the OnStar computer:

Thieves Target Chevrolet Silverados, Disable OnStar Tracking

Frustrated North Texas truck owners say their Chevy Silverados are being targeted and the devices meant to help catch the bad guys are useless. Jarrod Hamlin is a truck guy. He runs his own remodeling business and uses a truck every day, yet he was left without a ride after his bright blue 2018...

www.nbcdfw.com

 

[Yukon2828]

There is a guy on the Duramax forum with surveillance video of the thieves doing this exact theft. They stole his 2021 Duramax HD using a laptop. What they are accessing? I dont know, it was alleged they catch your code when you use the remote to lock the truck?? They were in another car in the parking lot, and it showed them with a laptop and the lights in the truck going on when they unlocked it. Got in drove away. They quickly diabled the onstar and GPS. Very high tech these days. A simple steering wheel lock like the old day would have foiled this theft. This happened in a hotel parking lot. They stake out for your truck.

In our case my wife parked the Yukon at 10:30 am in a doctors office parking lot. It was stolen at 1:00 pm so it’s unlikely they intercepted her key fob signal and waited 2.5 hours. The police said they cruise parking lots looking for late model high end GMCs with OnStar. “In fact it’s not even my first case today”. This was in Plano TX - a fairly upscale area.

 

[Doubeleive]

This video has a story about Onstar thefts in the area and mentions changing the computer under the hood, though it doesn’t specify that it’s the OnStar computer:

Thieves Target Chevrolet Silverados, Disable OnStar Tracking

Frustrated North Texas truck owners say their Chevy Silverados are being targeted and the devices meant to help catch the bad guys are useless. Jarrod Hamlin is a truck guy. He runs his own remodeling business and uses a truck every day, yet he was left without a ride after his bright blue 2018...

www.nbcdfw.com

you have it confused they are simply disabling onstar after the fact so they can't be traced
it's just like I said they slimjim the door, pop the hood, change the computer.
quote: “Within 3 minutes [thieves] were able to pop the lock, pop the hood, change the computer, disable the OnStar and steal my truck,” Hamlin said.
I have a idea how to prevent these thefts but it's my shark tank idea and it would work for all gm makes and models, it will stop them in there tracks.
I need to patent it

 

[Yukon2828]

Makes sense. So what computer are they changing? And are they disabling the OnStar under the hood or inside the vehicle? Would locking the hood keep them from changing the computer or disabling onstar?

 

[Jimmyy]

Your key fob is always transmitting. You a faraday bag for your fob.

 

[swathdiver]

Makes sense. So what computer are they changing? And are they disabling the OnStar under the hood or inside the vehicle? Would locking the hood keep them from changing the computer or disabling onstar?

The Onstar module is inside the dashboard. They will typically pull out the radio or glovebox to access it and simply unplug it. As Wes said, they pop the hood, put in a different engine computer and drive away. There is nothing under the hood to do with Onstar AFAIK, not on any generation truck I'm familiar with anyway.

Put in a kill switch to your fuel pump and disguise it in some creative way. Airline pilots have a switch in the overhead to flip if they get hi-jacked that sends out the "We've been hi-jacked" signal.

What I do not understand is how they were able to bypass the ignition without a key? Keyless systems are easier to defeat but the keyed cars have another, physical layer of security that has to be defeated.

I keep looking, found this on the K2s:

Be sure to read the comments, more nuggets...

Cool info for the GMT800 guys in the comments...

 

[Samson518]

I’m in the northern Virginia area and after speaking with local police, for the newer cars with key fobs allowing unlock as you approach, remote start, etc., thieves use some sort of signal booster. They drive around with something that looks for the key fob signal being given off from in the house or wherever the key is, locks on and amplifies it, as if you are walking up to the truck with your key. Unlocks the door. I’m not sure if they use the fake/booster signal to continue to drive the vehicle for extended periods but they are able to drive off. It happens enough around here that Arlington County police advised homeowners to use a Faraday box to insulate the fobs and prevent signal leakage.

 

[Rocket Man]

The Onstar module is inside the dashboard. They will typically pull out the radio or glovebox to access it and simply unplug it. As Wes said, they pop the hood, put in a different engine computer and drive away. There is nothing under the hood to do with Onstar AFAIK, not on any generation truck I'm familiar with anyway.

Put in a kill switch to your fuel pump and disguise it in some creative way. Airline pilots have a switch in the overhead to flip if they get hi-jacked that sends out the "We've been hi-jacked" signal.

What I do not understand is how they were able to bypass the ignition without a key? Keyless systems are easier to defeat but the keyed cars have another, physical layer of security that has to be defeated.

I keep looking, found this on the K2s:

Be sure to read the comments, more nuggets...

Cool info for the GMT800 guys in the comments...

Not sure about that GMT800 one, mine has Passlock as well as column lock. The time thieves got my cylinder to turn the column was still locked and the Passlock was not defeated. I still don’t understand why GM did away with column locks in newer vehicles though.

 

[Doubeleive]

I’m in the northern Virginia area and after speaking with local police, for the newer cars with key fobs allowing unlock as you approach, remote start, etc., thieves use some sort of signal booster. They drive around with something that looks for the key fob signal being given off from in the house or wherever the key is, locks on and amplifies it, as if you are walking up to the truck with your key. Unlocks the door. I’m not sure if they use the fake/booster signal to continue to drive the vehicle for extended periods but they are able to drive off. It happens enough around here that Arlington County police advised homeowners to use a Faraday box to insulate the fobs and prevent signal leakage.

I don't think there are doing that with GM's but I could be wrong, I have seen that happen mostly to the Mercedes

 

[Doubeleive]

The Onstar module is inside the dashboard. They will typically pull out the radio or glovebox to access it and simply unplug it. As Wes said, they pop the hood, put in a different engine computer and drive away. There is nothing under the hood to do with Onstar AFAIK, not on any generation truck I'm familiar with anyway.

Put in a kill switch to your fuel pump and disguise it in some creative way. Airline pilots have a switch in the overhead to flip if they get hi-jacked that sends out the "We've been hi-jacked" signal.

What I do not understand is how they were able to bypass the ignition without a key? Keyless systems are easier to defeat but the keyed cars have another, physical layer of security that has to be defeated.

I keep looking, found this on the K2s:

Be sure to read the comments, more nuggets...

Cool info for the GMT800 guys in the comments...

not sure what kind of aftermarket alarm this guy is saying won't work but the one I installed in my 2018 Silverado will
the moment they slimjim the door, break a window, jack it up, tow it away it triggers the key fob (if within a mile away), the 4g cellular function sends me a text, sends me a email and triggers a alarm on my phone app (anywhere worldwide)
it cost's about $1000.0+ (viper 5906v & smart start 4g plus extra sensors like tilt and glass break)
it is only defeatable if you do not respond to the alarm and just let them have it, they have to remove the starter kill and disconnect the 4g module which is buried behind and inside the dash

 

[DougAMiller]

I don't think there are doing that with GM's but I could be wrong, I have seen that happen mostly to the Mercedes

I think they are doing this with most brands these days, but my understanding is that the newer passive remotes have a motion-detector so it doesn't transmit when sitting still in your home or office. This is to prevent them from intercepting the signal when the keys are just sitting on a desk or table, but it still doesn't stop them from picking it up as you walk away from the car. His neighbor saw thieves trying to steal my boss' Ferrari from his house that way last summer, but since the key was sitting still in the house, they couldn't do it.

You would think that they would require the BCM or other hard-to-get-to module to validate with the PCM before allowing it to start in order to prevent theft by swapping the PCM.

I guess it's like they say, if you build a better mouse trap, they'll make a smarter mouse.

 

[Doubeleive]

I think they are doing this with most brands these days, but my understanding is that the newer passive remotes have a motion-detector so it doesn't transmit when sitting still in your home or office. This is to prevent them from intercepting the signal when the keys are just sitting on a desk or table, but it still doesn't stop them from picking it up as you walk away from the car. His neighbor saw thieves trying to steal my boss' Ferrari from his house that way last summer, but since the key was sitting still in the house, they couldn't do it.

You would think that they would require the BCM or other hard-to-get-to module to validate with the PCM before allowing it to start in order to prevent theft by swapping the PCM.

I guess it's like they say, if you build a better mouse trap, they'll make a smarter mouse.

on all of these GM's the "security" shuts off power to the fuel pump, that's it. how do you get around that? jumper the fuel pump relay

 

[swathdiver]

not sure what kind of aftermarket alarm this guy is saying won't work but the one I installed in my 2018 Silverado will
the moment they slimjim the door, break a window, jack it up, tow it away it triggers the key fob (if within a mile away), the 4g cellular function sends me a text, sends me a email and triggers a alarm on my phone app (anywhere worldwide)
it cost's about $1000.0+ (viper 5906v & smart start 4g plus extra sensors like tilt and glass break)
it is only defeatable if you do not respond to the alarm and just let them have it, they have to remove the starter kill and disconnect the 4g module which is buried behind and inside the dash

When I saw this thread, I thought of you and the security system you have. Merry Christmas to you and yours Wes!

 

[swathdiver]

Not sure about that GMT800 one, mine has Passlock as well as column lock. The time thieves got my cylinder to turn the column was still locked and the Passlock was not defeated. I still don’t understand why GM did away with column locks in newer vehicles though.

GMs reasoning for deleting the steering lock was because of the improved anti-theft features! They thought wrong on that one! The Escalades got the steering wheel lock back in 2010 and it further improved a year or two later. Merry Christmas Mark!

 

[Doubeleive]

When I saw this thread, I thought of you and the security system you have. Merry Christmas to you and yours Wes!

Merry Christmas!