Keyless car theft is a growing problem, and I recently became a victim. My Mercedes-Benz was stolen from my driveway without a trace of forced entry. As a cybersecurity journalist, I was shocked but determined to understand how it happened. After speaking with numerous experts, the consensus was clear: a Relay Car Theft Tool was used.
What is a Relay Car Theft Tool and How Does It Work?
A relay car theft tool exploits the vulnerabilities of keyless entry and start systems (PEPS). These tools use two devices to extend the range of your key fob’s signal. One device is placed near your house to capture the signal from your key, even through walls. The other device, held near your car, relays this captured signal, tricking the car into thinking the key is present. This allows the thieves to unlock and start the car without needing the physical key. The entire process can take less than a minute.
This diagram illustrates the process of a relay attack, showing how the signal is captured and relayed to unlock the car. Credit: IOActive
Once the car is started, it will usually continue to run until turned off, even if the key signal is lost. However, to restart the car, the thieves need to access the On-Board Diagnostics (OBD) port.
OBD Port Exploitation and Key Programming
The OBD port, typically located under the steering wheel, is used by mechanics for diagnostics. Thieves use an OBD programming tool to access the car’s system and program a new key, effectively disabling your original key. This allows them to drive the car freely. My experts dismissed the possibility of key cloning or the use of a Flipper Zero in my case. While the Flipper Zero has capabilities to exploit car vulnerabilities, the experts agreed it wasn’t the tool used in my situation.
Modern car theft often involves sophisticated tools rather than traditional methods of forced entry.
Who Are Behind These Thefts and How Easy Is It?
The concerning reality is that the tools and knowledge required for relay car theft are readily available. Online tutorials and easily obtainable equipment make it a low-barrier-to-entry crime. Often, the individuals carrying out the theft are not the masterminds but rather low-level criminals using readily available relay car theft tools. The developers and suppliers of these tools operate in a shadowy criminal ecosystem, making them difficult for law enforcement to track down. Even children have been arrested for participating in these thefts, highlighting the ease of execution.
While the Canadian government has linked the Flipper Zero to car thefts, experts in my case ruled it out as the likely tool.
Manufacturer Responsibility and Security Measures
While law enforcement struggles to combat this type of crime, car manufacturers also bear responsibility. Critics argue that they prioritize convenience over security by pushing keyless entry systems without adequately addressing their vulnerabilities. Mercedes-Benz, in response to my inquiry, highlighted security improvements implemented in newer models, such as motion sensors in keys and the ability to disable keyless functionality remotely. However, these features were not available in my 2018 model.
Car manufacturers are under pressure to improve security measures in their vehicles, but often lag behind in implementing effective solutions.
Protecting Yourself: How to Prevent Relay Car Theft
The most effective defense against relay car theft is a Faraday box or wallet. These enclosures block the radio signals from your key fob, preventing thieves from capturing them.
- Faraday Protection: Ensure your key fob is stored in a Faraday box or pouch when not in use. Test its effectiveness by trying to unlock your car with the key inside the Faraday enclosure.
- Additional Security Measures: Consider a steering wheel lock or an OBD port lock for added protection.
- Awareness: Be aware of the risks associated with keyless entry systems and share this information with others.
Conclusion: The Fight Against Relay Car Theft Continues
My experience highlights the vulnerability of keyless cars to relay attacks. Until manufacturers prioritize security and educate consumers about the risks, car owners must take proactive steps to protect themselves. Using a Faraday box is a crucial first step in preventing relay car theft and safeguarding your vehicle. Increased awareness, improved security measures from manufacturers, and stricter law enforcement efforts are all needed to effectively combat this growing crime.
