VIDEO: Security researchers demonstrate fast and cheap relay hack of keyless entry system in cars

Keyless entry systems are not uncommon in cars these days but they are also the target of unscrupulous hackers who are able to spoof the signal from a car key fob to open a vehicle’s doors. Now, a group of researchers at the Beijing-based security firm Qihoo 360 has demonstrated that the attack is not only easy to execute, but can be done relatively cheaply as well.

Presenting their findings at the Hack In The Box Security Conference (HITBSecConf) in Amsterdam, the group (who called themselves UnicornTeam) said their relay hack allows them to steal cars parked more than a thousand feet away from the owner’s key fob.

A short video shows us how the attack is carried out, which involves two people. One hacker holds a device in close proximity with the victim’s key fob, capturing the radio signals transmitted from it. Meanwhile, the hacker’s accomplice will receive the signals on a separate device, sending it to the car, allowing him/her to unlock the doors.

The attack therefore tricks both the car and real key fob into thinking they’re in close proximity. This concept has been demonstrated before, although it previously involved just recording the radio signal, transmitting it, and playing it back.

UnicornTeam’s approach differs in that their custom devices are able to demodulate the signal, allowing them to send the decomposed signal bit by bit at a much lower frequency. This allows for signals to be sent further (up to 1,000 feet), compared to 300 feet as shown in past tests by other groups.

More impressively, the cost of the devices are revealed to be in the region of around 20 euros (RM94), according to their presentation slides, making them substantially cheaper than other devices. Also included is list of possible countermeasures to the attack, including placing the key fob in a Faraday bag and reducing the amount of time it takes before the car’s lock system times out.

Looking to sell your car? Sell it with Carro.

10% discount when you renew your car insurance

Compare prices between different insurer providers and use the promo code 'PAULTAN10' when you make your payment to save the most on your car insurance renewal compared to other competing services.

Car Insurance

Gerard Lye

Originating from the corporate world with a background in finance and economics, Gerard’s strong love for cars led him to take the plunge into the automotive media industry. It was only then did he realise that there are more things to a car than just horsepower count.



  • Kunta Kinte on May 02, 2017 at 4:32 pm

    Jalan Pasar can buy. So cheap. But polis never do anything also to confiscate the devices cause they themselves are involved in the syndicates stealing cars!

    Like or Dislike: Thumb up 5 Thumb down 8
    • kitamaj-paw on May 03, 2017 at 9:18 am

      “interesting” comment from an “interesting” guy with an “interesting” mindset. can’t wait for what will this guy comment next ;)

      Like or Dislike: Thumb up 3 Thumb down 0
  • Leafable on May 02, 2017 at 4:33 pm

    Good news for those who too lazy to walk and park near them. Park a bit further and do a bit of walking good for your big belly.

    Like or Dislike: Thumb up 4 Thumb down 0
  • Remimd me to Fast 8 movie. A lot of cars she can hacked and set to auto driving mode.

    Like or Dislike: Thumb up 0 Thumb down 0
  • But can they start the car w/o keyfob? Otherwise, will only stand to lose whatever inside car. Just dun keep 50k cash in the car lah!

    Like or Dislike: Thumb up 6 Thumb down 0
    • Mikey on May 03, 2017 at 11:49 am

      LOL’s. Who keep 50k Cash in a Car ?? Even Ah-Long don’t do that. I know U are just trying to be Cheeky.

      Regarding your question – can they start the car w/o keyfob? The smart Alec would take the 50k Cash & flee without a trace bcos the cash is most likely unmarked thus not traceable while the Vehicles is traceable bcos the Chassis & Engine no are registered. Good comment though. Cheers

      Like or Dislike: Thumb up 0 Thumb down 0
  • arowana on May 02, 2017 at 4:43 pm

    so insurance premium will increase for keyless entry cars due to easily get stolen

    Like or Dislike: Thumb up 5 Thumb down 1
    • No security chip inside keyfob/carkey, still cant start car.

      Like or Dislike: Thumb up 2 Thumb down 0
      • Everything from original carkey has been copied to the devices. The car logically can be start. Everybody can be thief after this.

        Like or Dislike: Thumb up 0 Thumb down 0
        • Logically, yes.
          Theoretically, yes.
          Practical, No.

          The secu chip code need to be reprogram to another chip frm manufacturer for the cloning to work. Unless the thief can steal ori secu chip.

          Like or Dislike: Thumb up 1 Thumb down 1
          • Kimi Raikkonen on May 03, 2017 at 11:47 am

            Dude did you finish reading before commenting?

            It’s a duplicate of the signal from original keyfob. Don’t need canggih chip code or whatnot. Car can be opened and started, just that it cannot be turned off once it had been started.

            In theory it’s just a signal booster for the key. To the car – it is as if the key is there. Simplest way to counter this? Having remote unlock but keyed start.

            Like or Dislike: Thumb up 1 Thumb down 3
          • @Kimi.
            A modern car have something called immobilizer, and its independent of signal from keyfob. I suggest u read 1st b4 tryin to bash my comment.

            Like or Dislike: Thumb up 0 Thumb down 1
        • stasta on May 08, 2017 at 2:30 pm

          the car cannot be started because the immobilizer must detect the code from the chip which is embedded inside every key. ignorant ppl like Alex and Kimi should voluntarily ban themselves from commenting on this forum.

          Like or Dislike: Thumb up 0 Thumb down 0
  • Brandon on May 02, 2017 at 11:34 pm

    Now we can wait which car company will be the first recall all their customer car to change car keyless security system. I don’t think Proton will be the first.

    Like or Dislike: Thumb up 0 Thumb down 2
    • Why does it have to be P1 when practically ALL car manufacturers r affected?

      Like or Dislike: Thumb up 4 Thumb down 0
  • Semi-Value (Member) on May 02, 2017 at 11:55 pm

    this is why i dont bother to lock my car at all…put snake in car better security system

    Like or Dislike: Thumb up 17 Thumb down 0

Add a comment