Major car brands are being accused of doing nothing to curtail keyless theft


When keyless entry to cars was introduced, everyone who has ever lost their key deep in their handbag or been carrying precarious stacks of packages breathed a sigh of relief. But it turns out that keyless entry might not be that secure.

Fourteen major car brands have been told they aren’t doing enough to stop keyless car theft. A German study showed that more than 200 new cars could be broken into by what is called a relay attack. This is when thieves trick a car into thinking the key is nearby.

33 car brands were asked what they had done to address this security issue. Disappointingly, only two brands have fixed this across their entire range. 12 had started taking steps on selected models, upgrading systems as they went. But astoundingly, 14 brands had done absolutely nothing.

How does car keyless entry work?

The key has a transmitter and a controller chip in it. A good controller chip uses a hopping/ rolling code which is about 40 bits long. This has the ability to have about 1 trillion different possible codes. This chip holds your special 40 bit code. When you push the button on the remote or are in proximity, that code is sent to the car from the transmitter using RFID radio waves, along with the function you want to do—open the doors, or the boot, etc.

If the car receiver gets the wrong code, it does nothing.

Both the receiver unit and the transmitter use the same random number generator. Once the transmitter has sent a 40 bit code, it chooses a new code, which is stores for next time. This happens at both ends, so the car’s unlock system is synchronised.

So how does a relay attack circumvent this?

A relay attack on car remotes uses radio amplifying equipment to increase the signal to the fob. So your key could be inside, hanging on the hook by the kitchen, the thief boosts the signal, the car thinks the key is close, and the car opens. And then they do the same thing again to start the engine.

There are few statistics available for this type of theft, but it seems to be increasing. A UK vehicle tracking company said that 80% of all the cars stolen in 2017 were taken without using the actual key.

Major security flaw that manufacturers are ignoring

Some car brands are implementing changes. The fixes they are introducing include:

  • Motion sensitive fobs. If not moved in a certain time frame, the fobs deactivate.
  • Fobs which can be turned off by the owner
  • Using ultra-wide-band signals which aren’t tricked by relay equipment.

Tesla and Mercedes-Benz have pushed their security changes throughout all their keyless models. This is a mix of a fix being applied to newer models or disabling the feature on older model cars.

The fourteen brands who have not implemented resolutions include:

  • Citroen
  • DS
  • Honda
  • Kia
  • Hyundai
  • Mazda
  • Lexus
  • Mitsubishi
  • Opel/ Vauxhall
  • Nissan
  • Peugeot
  • SsangYong
  • Renault
  • Suzuki

While these brands all say they take security seriously, how can they when this is a known way to break into cars and they are doing very little about it?

There are five brands that did not respond to the questions at all, including Alfa Romeo, Chevrolet and Jeep, Fiat and Infiniti.

What’s next for the car industry?

More car brands need to take responsibility, not only for re-designing keyless entry in their new model cars, but also offering the ability to retrofit or change the system on older model cars.

The motion sensor fob is a good short-term fix, but it does not solve the vulnerability altogether. It will still allow thieves to steal in a parking lot after you’ve parked and moved away, or in the 20 minutes after you’ve parked the car in the driveway.

More changes are needed to keep the industry, and keyless systems, safe.

What can you do?

If you have a keyless unlocking system for your car (or even your home), there are no guarantees that your car is safe. Having great car insurance and storing your car in a locked garage helps, but that’s not an option available for everyone. If you are looking to renew your insurance have a look at State NZ. They have a number of different policies and you can get an online quote.

A simple, quick, and cheap fix is to buy a Faraday pouch. These are available online, and they are a small pouch that blocks radio transmissions. While it seems counter-intuitive to have to put your keyless entry key into a pouch which requires you to remove it every time you want to drive your car, it may be the only way to keep your car safe from relay attacks.

It’s also worth making sure that your car insurance is up to date. If it needs renewing have a look at State.


Leave a Comment