Keyless entry hacking leaves popular cars vulnerable

Some of Australia’s most popular cars are highly susceptible to 'keyless theft' by thieves using cheap electronic equipment purchased online, according to a European study.

The German General Automobile Club (ADAC) has tested 237 keyless model variants that can unlock and start automatically if the key fob is close by, such as in your bag or pocket.

The study, published on UK consumer site Which?, found that at least 230 cars could be tricked into thinking the car was close enough to unlock - and in many cases start - the car.

This form of theft is called relay attack, which works by placing a router-like box next to the vehicle and another close to where you leave your key, such as at your front door. The second box acts as a relay that strengthens the radio signal from the key fob to the car, which in many cases results in being able to open the door and start it.

These included popular current models dating as far back as 2014 including the Honda HR-V, Hyundai i30, Hyundai Tucson, Mazda 3 and CX-5, Mitsubishi Outlander, Opel Insignia (Holden Commodore), Subaru XV and Forester, and Volkswagen Golf.

In most cases, these were higher-spec variants, with cheaper versions still requiring traditional keys, or key fobs that only work by manually pressing a button, unaffected.

According to the full list of vehicles tested, the issue affects many other popular brands available in Australia were affected including Alfa Romeo, Audi, BMW, Citroen, Fiat, Ford, Kia, Lexus, Mini, Mercedes-Benz, Nissan, Peugeot, Renault, Skoda, Suzuki, Tesla, Toyota and Volvo.

Many cars with smart keyless entry and start that aren’t on the list could also be affected.

BMW and Mercedes-Benz have both addressed the issue with its latest models by adding motion sensors to their key fobs so that they only produce a signal to open or start the car when it's moving. This means the thieves shouldn’t be able to hack the signal when the key is safely stored at home.

And while all brands are working to improve their theft safeguards, vehicle safety and security organisations calling on manufacturers to implement safeguards for existing models.

Of the vehicles tested, only the Range Rover, Land Rover Discovery and Jaguar I-Pace were protected from keyless theft, thanks to Jaguar Land Rover stepping up the security of its keyless models after a spate of thefts around the world.

According to Which?, the keyless fobs for these models use ultra-wide-band (UWB) technology that can very accurately determine the distance between the key and the car, so the car can’t be tricked by the relay attack.

The hacking has been associated with a 40 per cent spike in car thefts in the UK since 2016. Because they can’t be restarted without the key close by, it’s likely most of the stolen cars were either broken up for parts or shipped overseas, where they could be paired with a new electronic key.

Fortunately, relay attack still appears to be very rare in Australia, where more than half of the 52,858 vehicle thefts in 2017 were a result of keys stolen in burglaries (37 per cent) or keys left in cars (18 per cent).

Cars being stolen without keys accounted for 14 per cent of thefts here, but these were mostly older cars falling victim to old-school hotwiring.

It’s also worth noting that vehicle theft in Australia has dropped markedly during the past two decades, from 126,871 in 1995-96, thanks to new technology such as immobilisers and keyless entry.

Preventing relay attack theft

Some brands such as Mercedes-Benz and Mazda can switch off the keyless entry system, meaning you have to press the button to unlock the door.

If you’re worried about such theft, contact your car’s manufacturer to see if it has steps to protect your car.

Alternatively, keep your key out of sight at home and as far away from the exterior of the home as possible.

Keeping the key fob in a sealed metal box can also block the signal produced by your key.