VMs fail on keyless car security

VMs fail on keyless car security

'Why have manufacturers failed to act on keyless car security flaw?' writes Jade Harding

Many new and existing cars are still at risk of theft, despite our report last year. Jade Harding reports in Which? April 2020.

One in three car manufacturers has failed to introduce any fix to a security flaw that increases the risk of keyless cars being stolen - more than a year after Which? reported on the threat and called for action.

They include top manufacturers including Citroen, Hyundai, Kia, Mazda, Nissan, Peugeot and Renault.

In January 2019, Which? reported the German General Automobile Club (ADAC) had found 230 cars were susceptible to a so-called 'relay attack'. This lets a thief use cheap electronic equipment to get into your keyless entry car and drive it away.

Thatcham Research, which conducts tests on vehicle safety and security, has since found more that are vulnerable.

In all, 92% of tested cars were insecure at the time of testing. We asked 33 brands what they're doing to prevent attacks. Just Jaguar, Tesla, Land Rover, and Mercedes have introduced a fix across their range of new and existing cars. Twelve brands haven't introduced any fix yet. Seven didn't reply.

How can it be fixed?
Ways to reduce the risk of a relay attack include:

  • Motion-sensor keys: fobs that turn off when motionless for a time - varying by manufacturer, from two to15 mins. It's the most commonly introduced fix, and has been used by manufacturers including Audi, BMW, Mercedes (models since 2018) and Skoda.
  • The ability to turn the key off once you've locked the car, implemented on Subaru and all Mercedes (including pre-2018) cars.
  • Use of ultra-wide band (UWB). UWB can accurately determine the distance between the key and the car, which means it can't be tricked by a relay attack. Land Rover and Jaguar use UWB across their ranges.

Some brands that haven't yet introduced a fix, including Honda, Group PSA (including Citroen and Peugeot}, Hyundai, Kia, Mazda, Nissan and Renault, told us that they're constantly looking for ways to make cars more secure.

Several manufacturers didn't want to disclose technologies behind their systems as they say it may affect security.

More in Which? Magazine - April 2020

Filed Under

We have placed cookies on your device to give you the best possible experience. By continuing to browse our site, you agree to our use of cookies. To find out more, please refer to our Privacy Policy


Find an Engineer

To find an engineer please enter your postcode below

Enter Postcode

May/Jun 2020
Assessor Logo

The members magazine of the IAEA.

Published bi-monthly, it covers news, features, case studies, interviews and reports from IAEA meetings across the country to keep members up-to-date with what's happening around the industry. You can read the latest issue online, and also access previous editions by clicking on the relevant links.

Assessor Magazine
Footer Logo

Subscribe to our mailing list


Terms & Conditions | Privacy Policy
copyright 2016 The Institute of Automotive Engineer Assessors