An investigation by the German car association ADAC revealed that all keyless cars examined could be opened and started via a detour. The union was able to circumvent the security with cheap technology, a signal amplifier.
To do this, the thief must be close to the owner of the ‘key’. Then the signal distance of the key can be increased with a special amplifier. This way of stealing a car has been known for years, according to the ADAC, but still seemed to be the domain of researchers. The hardware to open the cars was built by the German car association itself for a few hundred euros.
Opening and starting a car ‘keyless’ is becoming increasingly popular. Almost all car brands offer the option at an additional cost. When the owner of the key is near the car, the car opens automatically and the engine can be started with a simple button start without having to remove the key from a pocket or bag. In Europe, the system usually operates at 125kHz or 433MHz.
The test performed is not new, but the required hardware was still expensive. Researchers from the ETH in Zurich, Switzerland, already presented the technology in 2011. They tested their technology on ten different models from eight manufacturers. ADAC has succeeded in increasing the radio link between the car and the key with consumer hardware over the 2.4 GHz frequency. Then the attacker with the receiving equipment must be within two meters of the key to send the signal to an accomplice near the car. With more expensive, special equipment, it is also possible to pick up the signal up to eight meters away, or through walls.
According to ADAC, the relay attack is already being carried out to steal cars. ADAC tested models from Audi, BMW, Citroen, Ford, Honda, Hyundai, Kia, Lexus, Range Rover, Renault, Mazda, Mini, Mitsubishi, Nissan, Opel, SsangYong, Subaru, Toyota and Volkswagen. All cars were prone to the attack.
ADAC hopes that car manufacturers will jointly improve the security of electronics, as has long been standard in other IT sectors.