Gone in 20 seconds: how ‘smart keys’ have fuelled a new wave of car crime
When Steve Jessop’s electric Hyundai car was stolen outside his west London house on a rainy day earlier this month, he appealed to neighbours for potential footage of the crime.
He quickly secured a CCTV video and was stunned at the ease with which his car had been taken. A hooded figure approached it, opened the doors without forced entry, started the engine and drove off.
Jessop’s car had gone in 20 seconds. The keys to his Hyundai Ioniq 5 were still inside his house and there was no sign of an accomplice.
“It was just incredible,” said Jessop. “I looked at it and thought: how did that happen? I genuinely thought with all the technology in this car that no one could steal it.”
Jessop got no further clues from the Metropolitan police. He filed a report on the night of the theft on 8 February and was told by email at lunchtime the next day the case had been closed.
While Jessop was left mystified at how his car had been stolen, motor industry sources who spoke to the Observer last week were less surprised.
They revealed that hi-tech devices disguised as handheld games consoles are being traded online for thousands of pounds and are used by organised crime gangs to mimic the electronic key on an Ioniq 5, opening the doors and starting the engine.
The device, known as an “emulator”, works by intercepting a signal from the car, which is scanning for the presence of a legitimate key, and sending back a signal to gain access to the vehicle. Many owners of Ioniq 5s, which sell from around £42,000, now use steering locks to deter thieves.
Hyundai says it is looking at measures to prevent the use of emulators “as a priority”. But it is not the only carmaker whose vehicles appear to be vulnerable. An Observer investigation found that models by Toyota, Lexus and Kia have also been targeted.
British motorists now face an increase in the number of thefts and rising insurance premiums. (Even before Jessop’s car was stolen, his annual car insurance premium had risen from £574 to £2,240.) Car thefts are at their highest level for a decade in England and Wales, rising from 85,803 vehicles in the year to March 2012 to 130,270 in the year to March 2023 – an increase of more than 50%.
Part of the reason, say experts, is the rise of keyless entry. Push-button keyless entry fobs for cars were first introduced in the 1980s and by the late 1990s car manufacturers were introducing keyless ignition systems, but this was generally restricted to luxury cars. Subsequently, modern “smart key” fobs, which unlock the car when the owner approaches without the need to press a button, have become more common, offering new security loopholes for crime gangs.
Motoring lawyer Nick Freeman said: “There is a strong legal argument to say these cars are insecure and not fit for purpose. The motoring industry has been negligent. It has failed to prioritise security and motorists are paying the price.”
An Observer investigation has found how the industry was warned more than a decade ago of problems in the software it was deploying in cars. A report in 2011 from the University of California and the University of Washington warned of the security vulnerabilities of modern cars, implementing an “attack” to “unlock the doors [and] start the engine”.
The next year, Stephen Mason, a retired barrister and co-editor of the book Electronic Evidence and Electronic Signatures, warned in an issue of Computer Law and Security Review that there was an “increasing amount of technical literature on how keyless entry systems can be undermined successfully”. He warned of the risk of “relay attacks” on smart key systems. A thief using this technique can use software to extend the range of the signal the key is broadcasting – even if it is inside a home – activating the unlocking sequence and allowing the car to be driven.
By early 2015, the Met was warning that 6,000 cars and vans a year were being stolen without the keys. Last year insurance company Aviva said owners of modern keyless vehicles were twice as likely to make a theft claim. The Met also identified car models “vulnerable to new theft devices” which included the Kia Niro and the Hyundai Ioniq.
Ben Pearson, a former traffic officer with West Yorkshire police and adviser to Nextbase, a dashcam maker, said most of the car thefts he dealt with during his last year with the force in 2020 involved relay attacks on keylessignition vehicles. He said: “It’s amazing that you don’t need any training and you can steal someone’s car in seconds.”
Another common attack is to hack into the vehicle’s onboard diagnostic port, which is typically under the dashboard and allows access to the vehicle