Bad news for people with keyless entry cars in South Africa

While South African motorists with keyless entry vehicles can take several measures to stop tech-savvy thieves from stealing their cars, the best mitigations ultimately nullify the benefit of the feature.

Private security companies, car tracking firms, and insurance companies have warned about a surge in keyless car thefts in South Africa through so-called “replay attacks” or “relay attacks” since 2022.

A keyless entry vehicle uses short-range radio frequency communication between a car’s key fob and a receiver in the car connected to its locks and alarm system.

With a regular car remote control, the receiver is constantly listening for a particular signal from the remote to unlock the doors and, if available, deactivate the alarm.

The signal can be represented as a string of binary numbers with a unique identifier code matched to the receiver — like a type of passcode. In more modern implementations, the code regularly changes or rolls over.

The signal is only sent when the user presses the button on their remote. If the code is jammed and captured but a person locks or unlocks the car afterwards, it effectively becomes useless.

With a keyless entry fob, it’s like a button is constantly being pressed automatically, even when away from the car.

The car’s radio module listens out for the signal when you put your hand inside the door handle or press a button on the vehicle. This prevents the car from unlocking accidentally.

The vehicle can also automatically lock when you close the door and walk away, which can happen when the car detects it has lost its connection with the fob or if you manually press the lock button.

The issue with the signal constantly being blasted out by the fob is that it greatly increases the opportunity for criminals to intercept the rolling codes.

To carry out a replay attack, car theft syndicates typically monitor parking lots for particular vehicles with parts that have a high resale value on the black market, such as the Toyota Hilux or Ford Ranger.

One of the thieves then follows the vehicle owner closely as they move about a public space out of range from the car, like a shopping mall or store.

Using hidden signal-capturing equipment in a bag, they can pick up a series of rolling codes that are transmitted to a device in the hands of the second thief, which uses them to unlock and start the car.

Relay attacks are more commonly used for stealing cars from homes and require that one criminal first try and open the car to get a “challenge” signal from the receiver.

That request is transmitted to a second device nearer to where the thieves suspect the key fob may be located.

The secondary device captures the signal from the fob and transmits it directly to the car via a high-power antenna.

Block it, turn it off, or apply constant vigilance

There are several ways to protect your vehicle from replay and relay attacks. Unfortunately, the best mitigations detract from the convenience that keyless entry provides.

The most common advice is to use a Faraday pouch or other container for storing the fob when out in a public space or when the car is parked at an address where the key is not kept far away.

A Faraday pouch is lined with conductive material like metal mesh to block electromagnetic signals, preventing them from being detected by the car thief’s equipment.

While this will stop thieves from intercepting your fob’s signal, it will also prevent the fob from transmitting the signal to the car.

Some car brands also allow you to switch off keyless entry completely and instead rely on conventional remote unlocking.

Ultimately, fixing keyless entry theft will require carmakers to implement more advanced hardware and software to make capturing the signals and executing a replay attack more difficult.

As it stands, the best advice private security companies can give is to block or disable the keyless capabilities.

If you don’t want to lose the benefit of keyless entry, you could also avoid becoming a victim by being incredibly observant when out in public, where criminals could follow you.

To capture your fob’s rolling codes, the car thief with the equipment must be within close proximity for an extended period.