7 Modern Car Theft Methods – How Thieves Target Keyless Cars (and How to Stop Them)

Keyless Theft – How Is It Done?

All of the modern car theft methods explained here target keyless cars which often only have one layer of security. The not so secure smart key.

If your car has a smart key with push-to-start button, it can be an easy target for professional car thieves. This guide examines modern methods used to compromise your vehicle’s factory security systems.

modern car theft methods explained
Modern Car theft Methods

1: Remote Jamming/Blocking

 This method involves transmitting a frequency in the same range as your car’s remote control, effectively blocking the signal and preventing the car from locking. Surprisingly, this doesn’t require sophisticated equipment—it can be done with another car alarm remote.

Have you ever pressed your remote and found it didn’t work, then tried again successfully? This could indicate jamming interference.

Prevention:

  • Always check that your car has actually locked
  • Look for hazard lights flashing as confirmation
  • Don’t assume your car is locked just because you pressed the remote button
  • If your car doesn’t lock, you’re leaving it vulnerable to content theft and potential OBD port attacks

2: Roll-Jam Attack

What is a Roll-Jam Attack?

A Roll-Jam Attack is an advanced version of remote jamming. A device blocks your car from receiving the unlock code while simultaneously recording it. When you press the remote again, the thief uses the first stolen code to lock your car, while storing the second code to unlock it later.

This sophisticated attack exploits the rolling code security system that most modern cars use.

3: Relay Amplification Attack

Modern car theft methods
Modern car theft methods explained - Relay Attack

The relay amplification attack, (also called a relay attack) targets vehicles with smart keys. Thieves can unlock and start your car by tricking it into thinking the Smart Key is nearby, even when it’s actually out of it’s normal working range.

The attack works by using two devices: one near your car and another near where your keys are stored. Before explaining further you should probably understand how the car smart key system actually works.

How Smart Key unlocking normally works

If you hold your remote in your hand and touch the door handle you will see that the LED on the remote lights up when it sends the lock or unlock command as shown in the video below.

What is actually happening?

When the car door handle is touched the car transmits a RF signal, if this signal is detected by a smart key that is coded to the vehicle, the remote will respond by transmitting an unlock signal just like if you pressed the unlock button on your remote. 

Under normal circumstances the detection zone for the remote is about 1 meter from the door when the handle is pressed. Hence why it does not unlock when the remote is not in proximity.

How the Relay Amplification Attack works

Quite simply, the RF signal the car sends is read by the first device, then sent to the 2nd device which amplifies the signal. If the remote detects the signal it responds with and unlock command, just like it would if you’d pressed the unlock button.

If you’ve seen any videos of this attack being done you’d probably noticed that the scumbag with the 2nd device stands by a door or a window of the owners house.

The reason for this is the RF signal has a better range through a window or a door then through a wall of the house.

Basic Protection: Consider using a Faraday pouch or signal-blocking wallet to store your Smart Key, preventing signal relay attacks. Some later model smart keys have the option to turn off the proximity locking. Others have a sleep function that stops the remote from responding if it is static.

4: Rollback Attack

A Rollback Attack works by capturing remote signals and replaying them. In theory this should not be possible with a rolling code remote system, however, a large number of vehicles are vulnerable to it. Including my 2015 Honda Vezel!

For it to work on the Honda I need to capture 5 consecutive remote signals. It does not matter if the car has seen these or not, when I replay them it re-syncs and unlocks the car. I have tested this and can replay the sequence as many times as I like. It always works.

Is it a practical attack?

In the real world it would be very difficult to capture 5 consecutive remote signals unless you had access to the remote, but the there are times when you willingly hand your remote over.

Who would have access to the remote?

Basically anyone you leave your vehicle with.

  • Car Service Centre
  • Tyre Shop
  • Valet Parking

There are other vehicles where a rollback attack only requires to remote signals and they don’t have to be consecutive.

Prevention

The is not much I can do to prevent the doors unlocking with this attack. Best practice is to look after your keys. 

Personally I use a Vodafone Automotive 4822 with an ADR card. The video shows High Security System Light Mode in action which prevents the car from starting. Any attempt to turn on the ignition will trigger the alarm, as would opening the bonnet. The OBD II port is also blocked.

If I programmed the alarm for Full High Security System Disarming then the alarm would trigger after opening the door.

5: OBD Port Attacks and Key Cloning

OBDII Port Protection

Every car manufactured after 1996 has an OBD-II (On-Board Diagnostic) port. While designed to help technicians read fault codes and electrical settings, this port can also be exploited by thieves.

Using affordable scan tools (now easily purchasable), a thief can program a new key via the OBD-II port, often  in just a couple of minutes, then drive away with your vehicle.

Cars with a push-to-start button are very vulnerable to this attack as a physical key is not required to start the engine.

Protection: An OBD port blocker can effectively prevent unauthorized access to your vehicle’s diagnostic connector.

6: CAN Injection Attack

The CAN Injection Attack is the latest modern car theft method making the headlines. It was first exposed by DR Ken Tindell in 2022. If you have time, click on the link, it’s a good read.

There are some vehicles where is it possible to access the CAN-BUS wires without doing any damage to the vehicle, but it’s quicker and easier, though more destructive, to rip panels apart to access the wires. Cutting open body panels is taking things to another level. 

A huge amount of time and skill goes into developing these attacks. Making the tools to carry out the theft requires a huge effort, but it’s clearly profitable.

7: Theft Using Stolen Keys

This is by far the easiest and most common method of stealing a car, It works with all vehicles.

It’s a good reminder to keep your keys in a safe spot

Protection against modern car theft methods?

IGLA Ghost Immobiliser

IGLA CAN-BUS Immobiliser

IGLA is a digital immobiliser that blocks the vehicle from being driven using CAN and LIN buses.

More details here.

Automatic Driver Recognition

ADR Card Protection

Automatic Driver Recognition prevents a vehicle from starting with the ADR Card It is an option for the Vodafone Automotive 4822 Alarm System.

More details here.

Leave a Reply

Trending now

Vodafone Automotive 4822 unboxing
Vodafone Automotive 4822 Alarm
Mongoose siren no longer works
5 Star Alarm Sirens
Fiat Ducato Alarm System
Fiat Ducato Alarm Installation Guide [2006-2024]
Dynatron D3600
Cyclops 3 Series Alarm P355, P375, P385