Fourteen major car makers have been accused of “doing nothing” to protect owners from the threat of keyless car theft.
Consumer group Which? has criticised big-name manufacturers for failing to implement security improvements a year after serious vulnerabilities were exposed.
Last year, it reported on German security testing which found more than 200 new cars were susceptible to relay attacks - where criminals trick a car’s systems into believing the key is nearby in order to open and start it.
In a follow-up investigation, Which? asked 33 car makers what steps they had taken to address the issue, finding only two had fixed it across their entire ranges.
A further 12 said they had taken steps to upgrade systems on some models while 14 “have still done nothing” according to Which?
Only Tesla and Mercedes-Benz said that they had implemented changes across all models with keyless entry and start - either through a fix applied to new models or the option to disable the feature on older cars.
Of the 12 that had taken some action most had implemented fixes for their latest models, although not all would reveal which cars were affected, but many were not retroactively fixing older cars.
Citroen, DS, Honda, Hyundai, Kia, Lexus, Mazda, Mitsubishi, Nissan, Opel/Vauxhall, Peugeot, Renault, SsangYong and Suzuki, all told Which? they had not implemented any specific fix but took security seriously.
Five other brands didn’t respond to Which?, including four FCA group marques - Alfa Romeo, Fiat, Jeep and Chevrolet (which doesn’t sell new cars in the UK) - and Infiniti (which has also stopped trading in the UK).
Too many still ignoring the risks
Lisa Barber, editor of Which? Magazine, said: “A keyless entry system means you can get into and start your car without ever having to fumble for a key, but it has been exposed as a major security flaw - so it is unacceptable to hear that several manufacturers have still done nothing about it.
“While we are glad to see some manufacturers are already implementing tougher security measures, too many are still ignoring the risks and more must be done to urgently protect the thousands of insecure cars already on the road.”
Among the fixes being introduced by manufacturers are motion-sensitive fobs which deactivate after a certain period, fobs which can be manually switched off, and the use of ultra-wide-band signals which can’t be tricked by relay equipment.
Security experts Thatcham Research recently began including cars’ vulnerabilities to digital attacks in its security assessment.
In its most recent testing it reported improvements across much of the industry but found some major models still lacked sufficient protection.
Richard Billyeald, chief technical officer at Thatcham Research, said: “The number of carmakers now offering relay attack counter-measures with new vehicles is steadily increasing and should be applauded. However, all new cars with keyless systems ought to have a solution to this long-standing vulnerability in place.
“It’s also important to remember that the motion-sensor fob, while a good short-term fix, is not the ultimate solution to the keyless vulnerability, which should be designed out of new vehicles completely in the future.”