Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars
The authors demonstrate relay attacks on Passive Keyless Entry and Start (PKES) systems used in modern cars. They build two efficient and inexpensive attack realizations, wired and wireless physical-layer relays that allow the attacker to enter and start a car by relaying messages between the car and the smart key. Their relays are completely independent of the modulation, protocol, or presence of strong authentication and encryption. They perform an extensive evaluation on 10 car models from 8 manufacturers. Their results show that relaying the signal in one direction only (from the car to the key) is sufficient to perform the attack while the true distance between the key and car remains large (tested up to 50 meters, non line-of-sight).