Key-less Vehicle Thefts

Thieves are able to steal key-less vehicles without the physical key fob. There are several ways in which the key data can be electronically captured and/or written to the vehicle electronic system.

Key-less electronic ignition systems are designed so that the vehicle can only be started with a properly programmed electronic key fob. The electronic key fob data is bi-directionally exchanged in one of two ways. The first is by electromagnetic induction, where the data is exchanged through direct contact between the electronic key fob and the electronic ignition lock, or a designated key fob position where the data can be read. The second, on proximity type key-less ignition systems, is by communicating with the electronic key fob via antennas positioned throughout the vehicle.

Since the key-less electronic ignition system cannot be physically defeated, the vehicle system must be electronically re-programmed. On certain vehicles this requires a professional thief to obtain OEM proprietary programs, and it requires the proper equipment, skills, and knowledge.

Vehicles with key-less electronic ignition systems can be taken in a few ways.

First is towing, which requires no access to the vehicle electronics at the time of the vehicle theft.

Second is programming an electronic key fob to the vehicle electronic system. This procedure requires the proper hardware and software, along with an electronic key fob that is designed to be used with the targeted vehicle year, make, and model. It also requires access into the vehicle, as a computer/programming device needs to be directly connected to the diagnostic port, generally located underneath the left dashboard. This procedure can take as much as 10 minutes or as little as 3 minutes.

Third is theft by antenna (relay attack). Two antennas are needed in the attack. One antenna needs to be in close proximity to the targeted vehicle and the other antenna needs to be within approximately 26 feet of the vehicle electronic key fob. The electronic key fob data is then relayed from one antenna to the other, allowing the targeted vehicle to be electronically entered and the vehicle engine to be electronically started. The attack works no matter what cryptography and protocols the electronic key fob and vehicle computer system use to communicate. There generally needs to be an open line of communication between the antenna and the electronic key fob. Electronic components (cell phones, hand-held electronic devices, etc.) and surrounding metals may potentially interfere with, attenuate, or disrupt the electronic key fob data transfer.

Fourth is electronic key fob cloning. A Flipper Zero is an inexpensive device that has a low-frequency RFID module capable of reading, saving, emulating, and writing RFID cards as well as storing electronic key fob data. This device requires direct access to the vehicle key fob, where the electronic key fob data can be cloned and stored, and potentially used at a later time.

Lastly is the CAN injection attack/headlamp hijack. Attackers can physically “piggyback” onto vehicle electronic component electrical wiring by pulling away bumpers and other trim pieces and connecting a compatible emergency start device to any of the accessible CAN buses, allowing the attacker to bypass all security protocols and gain direct access to the vehicle’s functions, including the electronic ignition system.
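The relay attack described above (the third method) succeeds regardless of cryptography because the two antennas forward the key fob's genuine answer unchanged. The simulation below is an added example, not code from this article or from any vehicle manufacturer; it assumes a generic HMAC challenge-response and constructed timing values, and it goes one step beyond the text by adding a round-trip time bound, the one measurement that differs between a nearby fob and a relayed one.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.299792458    # radio propagation speed, metres per nanosecond
FOB_PROCESSING_NS = 1000.0  # constructed value: fixed fob turnaround time

def make_fob(key):
    """Fob side: answers a challenge with an HMAC under the shared key."""
    return lambda challenge: hmac.new(key, challenge, hashlib.sha256).digest()

def direct_channel(fob, distance_m):
    """Fob within range: delay is propagation plus fob processing only."""
    def exchange(challenge):
        rtt_ns = 2 * distance_m / C_M_PER_NS + FOB_PROCESSING_NS
        return fob(challenge), rtt_ns
    return exchange

def relayed_channel(fob, path_m, relay_delay_ns):
    """Fob far away: two antennas forward the bytes unchanged each way.
    The relay never holds the key; it adds only distance and delay."""
    def exchange(challenge):
        rtt_ns = 2 * (path_m / C_M_PER_NS + relay_delay_ns) + FOB_PROCESSING_NS
        return fob(challenge), rtt_ns
    return exchange

def vehicle_authenticate(key, channel, max_range_m=None):
    """Vehicle side. Returns (crypto_ok, timing_ok); timing_ok is always
    True when no round-trip bound is configured."""
    challenge = os.urandom(16)  # fresh nonce, so old responses cannot be replayed
    response, rtt_ns = channel(challenge)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    crypto_ok = hmac.compare_digest(response, expected)
    if max_range_m is None:
        return crypto_ok, True
    max_rtt_ns = 2 * max_range_m / C_M_PER_NS + FOB_PROCESSING_NS
    return crypto_ok, rtt_ns <= max_rtt_ns

if __name__ == "__main__":
    key = os.urandom(32)  # constructed shared secret
    fob = make_fob(key)
    near = direct_channel(fob, distance_m=1.0)
    relay = relayed_channel(fob, path_m=30.0, relay_delay_ns=200.0)
    print("near fob, no bound :", vehicle_authenticate(key, near))
    print("relay,    no bound :", vehicle_authenticate(key, relay))
    print("near fob, 2 m bound:", vehicle_authenticate(key, near, 2.0))
    print("relay,    2 m bound:", vehicle_authenticate(key, relay, 2.0))
```

Without a bound, the relayed exchange is indistinguishable from the nearby fob; with the bound, the cryptographic check still passes but the timing check fails.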

© 2026 Chad Tredway. All rights reserved. This article may not be reproduced, distributed, or transmitted in any form or by any means without prior written permission from the author.
