Almost all keyless car systems vulnerable to relay attacks
Investigation tests keyless car systems of 237 models, finds only three able to fully resist key signal cloning
Almost all cars with keyless entry and go systems are vulnerable to so-called ‘relay’ attacks, according to a new investigation.
Technicians selected 237 cars with keyless entry, and found 230 were susceptible to attacks where a potential thief could unlock and start the car without having the actual key. A further four could be either unlocked or started, while only three models – all Jaguar Land Rover cars – were able to fully resist a keyless attack.
Official Home Office data released last week show car thefts increased by 48.7 per cent over the last five years, while previous research by Auto Express revealed police are logging fewer than 50 per cent of stolen cars as recovered.
Relay theft attacks exploits vulnerabilities in the signals transmitted by wireless keys, which are typically sending a weak signal for their respective cars to recognise. By scanning for and then amplifying these signals, thieves are able – with relatively easily obtainable electronic equipment – to convince the car the key is nearby, gain access and drive off with the vehicle.
Research from the German General Automobile Club (ADAC) analysed by consumer publication Which? found four out of the top five best-selling cars in the UK – the Ford Fiesta, VW Golf, Nissan Qashqai and Ford Focus – were vulnerable to keyless thefts, while the Vauxhall Corsa – the third best-selling car – is not available with a keyless system, and so is impervious to such attacks. Only the Jaguar I-Pace, and the latest versions of the Land Rover Discovery and Range Rover, were able to fully resist keyless theft attempts.
The ADAC advises concerned owners that wrapping keyless keys in tinfoil is no guarantee the signals will be blocked from potential thieves’ equipment, as even the smallest gap in the foil could allow signals to escape. Instead, the ADAC advises owners to find out either in their manual, or from their dealer, if the keyless system can be deactivated.
BMW and Mercedes have also added motion sensors to their wireless key fobs, so only generate signals when they key is moving, meaning thieves shouldn’t be able to clone the keys’ signal when they are sitting dormant at home.
Mike Hawes, chief exectutive of the Society of Motor Manufacturers and Traders, said the car industry “takes vehicle crime extremely seriously and any claims otherwise are categorically untrue.” Hawes added that new cars “are more secure than ever, and the latest technology has helped bring down theft dramatically with, on average, less than 0.3% of the cars on our roads stolen.”
Calling car theft “an ongoing battle”, Hawes explained that “manufacturers continue to invest billions in ever more sophisticated security features”, but that “technology can only do so much and we continue to call for action to stop the open sale of equipment with no legal purpose that helps criminals steal cars.”
The manufacturers who responded to the investigation by Which? said they took theft seriously, with several echoing Hawes’ comments that the risk of theft remains low. Which? highlighted that the keyless systems in older Mercedes models can be deactivated by pressing the lock button on the key twice, which Mazda will deactivate its keyless system for free, a service also offered by Peugeot on its new 508.