Manufacturers urged to fix keyless theft vulnerabilities

Car manufacturers are being urged to create secure keyless entry systems after many were found to be vulnerable to thieves.

Thatcham Research tested the systems because of a rise in the number of modern vehicles stolen by tech-savvy gangs.

Criminals are using a ‘relay attack’, in which a device boosts the signal of a key inside someone’s home, tricking the car into thinking it’s close and unlocking it.

According to the Association of British Insurers, the cost of theft payouts for the first three months of this year was £108m – up 22 per cent on the same period last year and twice what it was four years ago.

Richard Billyeald, chief technical officer at Thatcham Research, said: “These figures demonstrate why the automotive industry must move to secure keyless entry/start systems, many of which offer criminals the chance to quickly and silently circumvent otherwise robust physical security.”

Of the seven cars tested, just three were given a superior rating, which is earned by having a system to protect against relay attacks. The BMW 7 Series, BMW X7 and Porsche 911 won their ratings thanks to a sensor in the key that deactivates it if it doesn’t detect movement for a short period.

The DS3 Crossback, Mazda 3, Toyota Rav4 and Volvo S60, however, were given ‘poor’ ratings because they don’t have a system to avoid such attacks.

To view this content, you'll need to update your privacy settings.
Please click here to do so.

All seven vehicles received at least a ‘good’ rating for security in model variants without keyless entry.

A Mazda spokesman told the Press Association that the 3’s key fob can “easily be deactivated by the driver when leaving the vehicle if added security is needed”. This fact was acknowledged by Thatcham, but it said “solutions which rely on active participation from the driver are not included in the rating”.

A Volvo spokesperson said the Swedish manufacturer used “industry-standard technology with its keyless systems and applies advanced encryptions to limit any remaining risks”.

They also confirmed that Volvo was continuing to work on improving its vehicles and would be introducing new technology to its keys this year to increase security.

A Toyota spokesperson told the Press Association the firm was working with government and industry bodies to tackle car crime. “Manufacturers are investing billions in increasingly sophisticated security features – ahead of any regulation – to try to stay one step ahead of the criminals.”

A spokesman for DS Automobiles said all manufacturers that fall under the Groupe PSA banner take vehicle security very seriously, and that it had created a dedicated division to “analyse and treat potential or proven weaknesses of vehicle security”. He added that, like the Mazda key, DS keys could be deactivated.