Technical Keyless Entry Security

My neighbour came round yesterday to say that both his BMW and his wife's Renault were remotely opened the previous evening, stuff taken including a Debit/Credit card which was used four times to buy fuel.

Now interestingly a few months ago I chose to turn off my keyless entry so I am not able to confirm if my 500X is/was at risk.

Now of course it could be that my neighbour thought their cars were locked when they were not. Now she is often loading and unloading shopping & kids which is a big distraction with several trips to and from the car so the scope for not locking is high. He seems to be practically clueless.

What I can say with absolute confidence is that I turned my keyless entry off for two reasons:

1) occasionally locking my wife in the car due to the deadlocks automatically operating. Scary if you are locked in like that (reported to Fiat but they won't reverse the software update)

2) I was getting too used to not using the fob as a matter of normal routine that I had on several occasions left my car unlocked overnight.

But whether you use or do not use the keyless entry system I don't think anyone has confirmed or denied if the 500X systems (almost certainly used in other FCA vehicles) are vulnerable to the remote relay or other hacks.
 

So a little more research confirms the 500X uses the Hitag-2 system (Continental make, using NXP (formerly Philips Semiconductors)) and there are quite a few papers out there on the cryptography used and how to hack with suitable hardware.

What I've not come across yet is the analysis of the relay attack and the practical distances involved.
 
Presumably your neighbours left their keys too close to the front of the house, allowing the signal from the key to be 'caught' from outside. I think Nissan reduced their key transmitter range to having to be very close to the car, you might like to test that, have someone try to open the car as you get progressively closer.

If keyless has been turned off, that means the car should ignore all keyless signals, accepting only the normal remote signals. I would think the key is still sending its keyless signal, as it will be necessary for starting once inside, but anyone receiving this signal cannot use it to gain entry, but could use it to start the car if entry is gained another way. (e.g. window/brick)
 
I turned it off for a while when I had my 500X, but turned it back on after a couple of weeks because I liked the convenience. The Hyundai I have now doesn't have the option to turn off the keyless, so the fob lives in a Faraday pouch in the house. These do deteriorate though - mine prevented keyless entry perfectly when new, but I checked it the other day and it was ineffective after 18 months. Luckily I bought 2 for under a tenner, so the other one has been pressed into service. The spare key is in a key safe wrapped in foil, which is also 100% effective.

My wife recently bought a 2018 Renault Captur and the keyless feature on that is disabled if you lock it with the keyfob button - simple. It does switch back on next time you drive it, but perhaps your neighbour with the Renault could check whether hers has that feature.
 
I've also "supposedly learnt", but have no proof because my neighbour's demo was a little flaky, that some of these keyless entry fobs will shut down after a period of inactivity. So when you get home and put the keys to rest then x seconds / minutes later the fob becomes totally inactive.

Now this is a neat solution to the remote relay hack unless they strike in the fob's timeout window.

But I think for us FCA bods I doubt our Hitag-2 fobs are fitted with inertial/motion sensors and I can't see FCA providing "cheap" replacements so we are left with potentially vulnerable vehicles.

I once said (shame on me) the relay attack was less of an issue for Fiats being stolen (who wants to steal a Fiat when you can grab a Mercedes or BMW) but I now realise that just someone being able to open and rummage through your car (even if they take nothing) is actually quite worrying and distressing. So I hereby correct my previous view.

As they say:

"A man's home is his castle" ........

Well

"My Fiat(s) is(are) my Castle and thus boarders must be repelled." In the US you just shoot the *astards. In the UK you "phone a friend" and hope for the best.
 
I certainly heard that Mercedes had introduced motion sensing to their fobs, the hands free facility stops working after the fob has been stationary for a minute or so.
 
Interesting. They don't explain how relay theft would still work if the key goes into "sleep" mode and doesn't transmit.
 
I don't think the relay attack does work with keys that go to sleep. I think they are alluding to the fact that there are other security flaws like breaking in and then physical connection to the EOBD socket. From there one can extract pins/security keys, remote start etc. I doubt they are going to publish the details for obvious reasons.
 