Key Fob Relay Attacks
The cluster discusses vulnerabilities in keyless car entry systems, especially relay attacks, in which thieves extend the range of a key fob's signal so the car believes the fob is next to it and unlocks or starts. Commenters weigh defenses such as rolling codes (which stop replay of a captured signal but do nothing against a live relay), physical keys, and design changes such as motion-gated fobs and proximity checks.
Sample Comments
It seems overly complicated when just relaying your key fob is a known attack that's working. The scenario of them just failing to steal the car seems more plausible.
Yes, but the point of this scheme is that the car "believes" the key is in close range. If that is enough to get it to open the car, the thieves don't have to break any encryption, they just need to relay the RF signal. The faulty assumption on the part of the car manufacturers is that "RF signal present" equals "keyfob nearby".
This isn't about normal wear-and-tear but a fundamental security design flaw that allows thieves to steal these cars with a $25 device exploiting the CAN bus - more akin to GM shipping cars with a master key hidden under the floor mat than a pickable lock.
How would you prevent this type of attack while retaining the keyless start and entry feature? (just curious)
Just looked into it recently, the internet is full of stories like https://www.kiaownersclub.co.uk/threads/warning-to-kia-owner... Here is one paper describing how shit car security is: "We discovered that Kia and Hyundai immobiliser keys
I thought most keyfobs have a button you need to press to unlock the car? Wouldn't that prevent almost all relay attacks, because the thief typically does not have physical access to the key?
As the other reply said, you don't broadcast your metal car keys to the world every time you use them. But, also, there's a reason cars have been using microchipped keys for the last 25+ years. There are ways to transmit information securely that prevent replay and other attacks. (See: Wi-Fi, Bluetooth, TLS, etc.) If car manufacturers weren't lazy and cheap, they could solve this problem, but they don't really care. They get money when you buy the car, then if you're
Subverting the NFC key would count. Or if your car is unlocked/controlled by an app, subverting that app.
I've always thought that a simple measure that automakers could implement is to require the keyfob to have moved in the last X seconds to authenticate an unlock. That prevents the "key is sitting on a table in my house" relay attack.
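The three threads above (the car treating a correct answer as proof the fob is nearby, cryptographic replay protection being necessary but not sufficient, and gating unlock on recent fob motion) can be seen in one toy model. The following is an added example written for this page, not code from any vehicle, vendor or paper the thread cites. The challenge-response scheme, the truncated-HMAC tag, the round-trip-time bound and all timing and motion numbers are assumptions chosen to make the scenarios legible, not measurements of any real system.

```python
"""Toy model of passive keyless entry (PKE) unlock: why a correct
challenge-response answer is not proof the fob is nearby.

Added illustration, not code from any vehicle or vendor. The timing and
motion thresholds below are assumptions chosen to make the scenarios legible.
"""
import hashlib
import hmac
import os

FOB_SECRET = os.urandom(16)      # assumed factory-provisioned shared key

# Assumed, illustrative numbers (microseconds / seconds):
LEGIT_RTT_US = 150               # fob in a pocket next to the door handle
RELAY_LATENCY_US = 3000          # extra delay added by a two-hop relay rig
MAX_RTT_US = 500                 # bound the hardened car enforces
MOTION_WINDOW_S = 30             # fob must have moved within this window


def _tag(secret: bytes, challenge: bytes, moved: bool) -> bytes:
    """Truncated HMAC over the challenge and the fob's 'moved' bit, so a relay
    cannot flip the bit without invalidating the answer."""
    msg = challenge + (b"\x01" if moved else b"\x00")
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]


class Fob:
    """Answers every challenge it can hear; it has no idea how far away the car is."""

    def __init__(self, secret: bytes, last_moved_s: float):
        self.secret = secret
        self.last_moved_s = last_moved_s   # time of the last accelerometer event

    def respond(self, challenge: bytes, now_s: float) -> dict:
        moved = (now_s - self.last_moved_s) <= MOTION_WINDOW_S
        return {"moved": moved, "tag": _tag(self.secret, challenge, moved)}


class Car:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = None                # outstanding challenge, single use

    def challenge(self) -> bytes:
        self.pending = os.urandom(8)
        return self.pending

    def verify(self, response: dict, rtt_us: int, hardened: bool) -> str:
        """Returns 'ok' or the reason the unlock was refused."""
        if self.pending is None:
            return "no-challenge"
        challenge, self.pending = self.pending, None   # fresh nonce per attempt: stops replay
        expected = _tag(self.secret, challenge, response["moved"])
        if not hmac.compare_digest(expected, response["tag"]):
            return "bad-tag"
        if not hardened:
            return "ok"          # the faulty assumption: right answer == fob nearby
        if rtt_us > MAX_RTT_US:
            return "rtt-too-long"
        if not response["moved"]:
            return "fob-stationary"
        return "ok"


def run_legit(hardened: bool) -> str:
    """Owner walks up with the fob in a pocket (moved 5 s ago)."""
    car, fob = Car(FOB_SECRET), Fob(FOB_SECRET, last_moved_s=3595.0)
    r = fob.respond(car.challenge(), now_s=3600.0)
    return car.verify(r, LEGIT_RTT_US, hardened)


def run_replay() -> str:
    """Attacker records one legitimate exchange and plays the answer back later."""
    car, fob = Car(FOB_SECRET), Fob(FOB_SECRET, last_moved_s=0.0)
    recorded = fob.respond(car.challenge(), now_s=5.0)
    car.verify(recorded, LEGIT_RTT_US, hardened=False)      # owner's own unlock succeeds
    car.challenge()                                         # later: the car issues a new nonce
    return car.verify(recorded, LEGIT_RTT_US, hardened=False)


def run_relay(hardened: bool) -> str:
    """Fob lies on a table indoors; a relay box by the door repeats the car's
    challenge to it and carries the answer back to the thief at the car."""
    car, fob = Car(FOB_SECRET), Fob(FOB_SECRET, last_moved_s=0.0)
    challenge = car.challenge()                # thief touches the door handle
    r = fob.respond(challenge, now_s=3600.0)   # fob answers, an hour after it was last moved
    return car.verify(r, LEGIT_RTT_US + RELAY_LATENCY_US, hardened)


if __name__ == "__main__":
    print("legit, crypto only :", run_legit(hardened=False))
    print("replay, crypto only:", run_replay())
    print("relay, crypto only :", run_relay(hardened=False))
    print("relay, hardened    :", run_relay(hardened=True))
    print("legit, hardened    :", run_legit(hardened=True))
```

The replay scenario is refused by the nonce alone, which is all that rolling codes or challenge-response buy you; the relay scenario passes the same check because the fob really did compute the right answer, just not from where the car assumes. Two caveats for anyone taking this further: the motion bit only helps because it is covered by the tag (an unauthenticated flag would simply be rewritten by the relay), and a round-trip bound enforced in application code, as here, is illustrative only. A purpose-built relay adds far less delay than the slow LF challenge link itself, so real distance bounding has to be done at the physical layer (time-of-flight measurement, as in UWB-based keys) rather than by timing packets.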
Presumably, if you're able to replace the lock on a locked car with your own, you don't need to fool anything, you're already inside the car. I guess the attack vector would rather be some unscrupulous mechanic replacing the part with a bogus one that would accept every unlock command, and the thief, in cahoots with said mechanic, would show up and unlock the car once the owner got it back from the shop.