Automotive Identification RF & Wireless Security & Identification Security Blog

Key-Less Go Is The Modern Car Thieves Dream Feature

Mercedes-Benz E-Class, KEYLESS-GO Paket

Just a couple weeks ago we described how digital keys equipped with crypto hardware could be used to secure the communication between all kinds of locks and devices. However instead of adding safety modern car keys are often a security risk if the vehicles are equipped with technology for “keyless go”.

This feature enables the owner to open a vehicle while leaving the key in the pocket and even start the car without getting it out. Now that’s comfy – for you and for thieves. The reason is the way those systems work. Once you approach your car and reach out for the door handle the car sends a RF signal to the key requesting an authentication code. The key responds and transmits the code and the car opens. The same thing happens when you sit inside the car and push the start engine button.

In order to secure the system the signals are pretty “weak”, thus the car key has to be in close proximity (approx. 1-2 meters) to the car for the process to work. However, there is a convenient way to hack this system with cheap applications built out of components you can order from any electronics hardware store online.

With amplifiers, resistors and capacitors it’s not easy but also not undoable to build a radio range extender which will do the job of the hack just fine. Using one such device to pick up the signal of the car key, sending it to another one which is close to the car to deliver the code makes it possible to open the car. This works from 10 meters up to 100 meters depending on how sophisticated the extender is.

With this method it is achievable for a team of thieves to sit in a restaurant with one radio range extension while the partner in crime walks along the parked cars in the side road to check which ones open. If you tune in the right frequency cars equipped with keyless go are likely to disarm the door locks. In a next step the thieve gets in the car and hits the start button – and drives off.

Keyless Go Security Flaw
With two range extenders it is possible to pick up the signal of the car key and to open up a car.

What makes this hack so special is that you can accomplish two things with the same equipment in only a couple seconds. In addition, the big problem for car makers is, that there are no cost efficient methods to add protection without sacrificing comfort (which is what this system is all about, as otherwise you could just push the button on the key).

As long as car makers don’t add an additional layer of protection the numbers of cars stolen which are equipped with keyless go might increase; this could eventually also influence the insurance quote for modern cars with this option.

In conclusion we would either not recommend to buy this feature (especially if your car isn’t at least equipped with an alarm system) or to hide the keys in a metal box at home. However, it might be easier to press a button several times a day than searching for your car keys in the refrigerator.

If you are developing applications and need consultancy to secure them feel free to approach us and contact us here and get some more information on our dedicated section on our website here.