A year after we called for more stringent security on keyless-entry cars, we take a look at the manufacturers that have improved their technology to protect their customers - and the ones that haven't.
In January 2019, we reported that the German General Automobile Club (ADAC) had found 230 cars to be susceptible to a relay attack. This effectively tricks a keyless-entry car into thinking that your key is closer than it is using cheap electronic equipment bought online.
Since then, Thatcham Research, which conducts tests on vehicle safety and security, has found even more cars that have the same vulnerability.
During this time, car thefts in England and Wales have also increased. In fact, for the year ending in June 2019 there was a 7% increase in the sub-category 'theft or unauthorised taking of a motor vehicle'.
We don't think this is acceptable. So we contacted more than 30 car brands to find out what they're doing to protect their customers against relay attacks. Keep reading to see whether your car might be affected.
Cars with keyless entry unlock automatically when the key comes within a certain, short-range distance of the car. Using 'relay' boxes - one near your car and the other near where you keep your key - thieves can lengthen the signal produced by your key, fooling the car into thinking the key is close by. The thieves can then open and start your car, and drive it away.
We contacted the manufacturers of 33 car brands to ask them what they're doing to protect new and existing keyless cars from theft.
Only two brands have implemented fixes across their entire range, and a worrying 26 brands still aren't providing all of their customers with the security they deserve.
Of those 26, 12 have found fixes but are only implementing it on some models, while 14 have still done nothing.
Unfortunately, five brands didn't respond to our questions by the time we published, therefore we are unable to comment on what progress they have made.
Unfortunately, the following five manufacturers didn't reply to our questions regarding the models that failed one or more of the relay attack tests:
pdf (851 KB)
There is a file available for download. (pdf — 851 KB). This file is available for download at .
ADAC and Thatcham haven't tested every keyless-entry car, so don't assume your vehicle is secure just because it isn't on these lists. Some 92% of the cars that have been tested were insecure at the time of testing. So if you own a keyless-entry car, it may be at risk from the same attack.
Our video, below, shows that it takes just 18 seconds to steal a car using the relay attack.
It also shows our interview with the West Midlands police and crime commissioner, David Jamieson - find out what he wants car manufacturers to do about car security.
Although Thatcham Research has been testing security features and keyless vulnerabilities since early 2019 as part of the Thatcham Research Consumer Security Rating, it will only officially be featured in the New Vehicle Security Assessment (NVSA) in January 2021.
This should see new cars starting to be better protected.
It's positive to see a handful of manufacturers that are actively implementing tougher security measures to their cars before it's formally included in the NVSA. However, there are still far too many brands ignoring the detriment to their customers and continuing to sell cars with a known vulnerability.
Manufacturers must do more to protect the thousands of insecure cars already on the road.
A motion-sensor key is a fob that turns itself off after it's been motionless for a set period of time.
This is one of the fixes that Thatcham Research claims can significantly reduce the risk of a relay attack.
The time it takes for a fob to turn itself off can vary from just two minutes to 15 minutes, depending on the manufacturer. Thatcham doesn't currently set a time limit during testing.
Richard Billyeald, chief technical officer at Thatcham Research, told us: 'Motion-sensor keys are not a solution, but they are a good fix. It will work for when thieves are trying to steal a car from a driveway when the key is in the house. There is still a risk in places such as car parks or train stations - but much less so.'
We contacted every manufacturer mentioned to ask what they're doing to protect new and existing keyless cars from theft.
Several said that they didn't want to disclose the technologies behind their systems, as it may affect the security risk to products and customers, while , Nissan, Peugeot and Renault reasserted that their customers can disable the keyless functionality completely to avoid the risk.
Kia also mentioned its new Kiasafe case, which it claims will help to reduce the risk of theft. It's available from participating dealers during the handover process. Existing Kia owners will need to buy one from a dealer for £9.99.
Other manufacturers have introduced measures to protect their vehicles against the relay attack. These include:
Other Land Rover and Jaguar models that will have the fix include 2020 keyless models of the Range Rover Evoque, Discovery Sport and Defender, and keyless models of the Range Rover, Range Rover Sport and Jaguar I-PACE.
If you have an older keyless model from Land Rover or Jaguar, you won't have or be able to get the fix. Instead, Land Rover suggests following advice on its website, which includes deadlocking you car by pressing the lock button twice and using visible physical devices as a deterrent.
If you're worried about your keyless-entry car's security, here's what you can do: