New models hitting car showrooms this year still have keyless technology that can be infiltrated and stolen by criminals using relay attacks, motor experts have found.
Assessments of 13 new cars found that some models are still being launched with ‘inherent security vulnerabilities’, according to Thatcham Research.
‘Poor’ ratings were awarded to the Mazda CX-30, MG HS, Subaru Forester and Vauxhall Corsa because engineers were able to access and start these vehicles using relay attack equipment.
‘Inherent security vulnerabilities’: Security experts say the £22,895 Mazda CX-30 family SUV is one model that they were successfully able to relay attack using the same techniques deployed by keyless car thieves
The vehicle security and safety company conducted its latest round of consumer security rating tests on a batch of new cars, many of which are going on sale for the first time in 2020.
The results show that while progress is being made by carmakers, some models are being launched to market while still exposed to the latest wave of vehicle-stealing techniques.
Four of the cars tested were found to not have any keyless security systems in place to block hi-tech thefts, with Thatcham’s team able to successfully carry out a relay attack on each.
The Mazda CX-30, MG HS Excite T-GDI, Subaru Forester e-Boxer XE Premium and Vauchall Corsa Ultimate Turbo 100 were all given a ‘poor’ rating as a result.
The MG HS SUV – available from £17,995 – is another model found to have keyless technology that can be infiltrated
Left: Thatcham Research engineers were able to relay attack the keyless system of the hybrid Subaru Forester (priced from £35,995). Right: Testers were also able to do the same with the latest Vauxhall Corsa hitting the market in 2020, priced from £15,750
The only rating lower than this is ‘unacceptable’, which has so far only been awarded last year to the Suzuki Jimny 4×4 – a car that’s being removed from European markets because it produces high CO2 emissions.
Richard Billyeald, chief technical officer at Thatcham Research, said: ‘The number of carmakers now offering relay attack counter-measures with new vehicles is steadily increasing and should be applauded.
‘However, all new cars with keyless systems ought to have a solution to this long-standing vulnerability in place.’
Lee Griffin founder of motor insurance comparison website GoCompare, commented: ‘A claim resulting from such a crime [relay theft] is usually very expensive as often the whole car is driven away, resulting in the insurer having to pay out the market value of your car.
‘Besides the financial impact, losing your car in this way can be highly distressing and can have an impact on your life, particularly if you are highly dependent on your car.
‘While car manufacturers need to develop ways to remove relay attack vulnerability from their vehicles, there are steps you can take, not least checking that you have the right insurance in place.’
Thatcham Research welcomed the introduction of motion sensor technology to keyless vehicle fobs, though said manufacturers needed to do more to tackle the spate of relay thefts
The new cars rated superior
Seven of the 13 cars tested – the BMW X6, BMW 2 Series Gran Coupe, Land Rover Discovery Sport, Mini EV, Porsche Taycan, Škoda Superb and Toyota Supra all – gained ‘superior’ ratings for all-round security and the presence of a system to block relay attacks.
Many of these manufacturers are fitting their keyfobs with motion sensors that can switch themselves off when drivers leave them in their home.
They only activate again when the owner picks them up, preventing thieves from being able to use devices to duplicate the fobs signal while the owner is in their home asleep.
While Thatcham has welcomed this technology, it says it is only a short-term solution and manufacturers need to introduce more advanced blocking systems.
‘It’s also important to remember that the motion-sensor fob, while a good short-term fix, is not the ultimate solution to the keyless vulnerability, which should be designed-out of new vehicles completely in the future,’ Billyeald added.
Last week, This is Money revealed the 10 cars that were most commonly reported stolen to the DVLA.
The list was a mix of extremely popular mainstream cars and premium models likely to have keyless technology that are being stolen to order.
Tesla’s ability to upgrade security systems with firmware updates means the Model 3’s poor rating is likely to be increased
‘Poor’ rating for Tesla’s Model 3 – but not for long
The four cars that could be relay attacked weren’t the only ones to receive lowly ratings in the latest round of tests.
The MG HS Excite T-GDI was also scored as poor while the Hyundai i10 Premium Mpi and Tesla Model 3 were both rated as ‘basic’.
These were found to be missing some security features related to their resistance to digital thefts, immobilisers, alarms, double locking systems and wheel security.
All of these elements need to meet minimum insurer requirements.
However. Tesla’s rating is likely to be increased following an upcoming firmware update.
Billyeald comments on the rating for the Tesla Model 3: ‘Thatcham Research has been working closely with Tesla on the security features on the Model 3.
‘Their ability to enhance security functionality via advanced connectivity across all vehicles is a huge advantage.’
SAVE MONEY ON MOTORING
Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.