What Is a Relay Attack? How Thieves Steal Keyless Cars (And How to Stop Them)
By Irina Gedarevich · Digital Guard Dawg Technical Team
6/5/2026
Your car is parked in your driveway. Your keys are sitting on the kitchen counter. And right now, two thieves with $200 worth of electronics could drive away in your vehicle — without breaking a single window.
That’s relay attack car theft, and it’s one of the fastest-growing vehicle crimes in the world. In the UK alone, relay attacks now account for over 50% of all vehicle thefts involving keyless cars. In the US, police departments from Chicago to Los Angeles have issued warnings about organized rings using this exact technique.
The scariest part? The entire theft takes under 60 seconds, leaves zero evidence of forced entry, and your car alarm never makes a sound.
Here’s everything you need to know about how relay attacks work, which cars are vulnerable, and — most importantly — how to make sure yours isn’t next.
How a Relay Attack Works: The 30-Second Theft
A key fob relay attack is deceptively simple. It doesn’t require hacking, code-breaking, or any Hollywood-style technology. It exploits a basic design flaw in factory keyless entry systems: they can’t tell the difference between your real key fob being nearby and a relayed copy of its signal.
Here’s the step-by-step breakdown:
Step 1: Thief #1 Gets Close to Your Key Fob
One thief stands near your front door, a window, or even walks past you in a parking lot. They carry a small device — about the size of a tablet — called a signal amplifier. This device picks up the low-power radio signal your key fob constantly broadcasts, even when it’s sitting idle in your pocket or on a table.
Step 2: The Signal Gets Relayed to Thief #2
The amplifier boosts your fob’s signal and transmits it wirelessly to a second device (a relay transmitter) held by the second thief, who’s standing right next to your car. The range between the two devices can be 30 feet, 100 feet, or even farther with higher-end equipment.
Step 3: Your Car Thinks the Key Is Right There
Your vehicle receives what it believes is a legitimate signal from your key fob. It has no way to verify distance — only signal validity. So the doors unlock. The dashboard lights up. Everything behaves exactly as if you walked up with your keys.
Step 4: The Thief Drives Away
Thief #2 climbs in, presses the start button, and the engine fires up. Most keyless systems only verify the fob’s presence at startup — not while driving. That means the thief can drive your car for hours (or until the fuel runs out) without the engine shutting off.
Total elapsed time: 20 to 60 seconds. No broken glass. No alarm. No witnesses who saw anything unusual — just someone who appeared to unlock their own car.
Why Your Car Alarm Won’t Save You
This is the detail that shocks most people. Because the relay attack uses your actual key fob’s signal (not a cloned or spoofed one), your car’s security system treats the entire interaction as completely legitimate. The alarm doesn’t trigger. The immobilizer doesn’t engage. From the car’s perspective, you just unlocked it and drove away.
Which Cars Are Vulnerable to Relay Attacks?
The short answer: any vehicle with passive keyless entry (PKE).
If you can unlock your car and start the engine without physically pressing a button on your fob — just by walking up to it with the key in your pocket — your car uses passive keyless entry. And that signal can be relayed.
This includes millions of vehicles on the road right now:
• Luxury brands: BMW, Mercedes-Benz, Audi, Range Rover, Lexus, Porsche
• Mainstream brands: Toyota, Honda, Ford, Chevrolet, Hyundai, Kia, Nissan, Volkswagen
• Electric vehicles: Tesla Model 3/Y (Bluetooth-based, but similar vulnerability), Rivian, newer EVs with phone-as-key systems
• Trucks and SUVs: Ford F-150, RAM 1500, Chevrolet Silverado — if equipped with keyless entry
The German automotive association ADAC has tested hundreds of keyless models between 2016 and 2024. Their finding? Over 90% of tested vehicles failed to block relay amplification, even models with so-called “advanced encryption.”
The encryption protects against code cloning — but relay attacks don’t clone anything. They simply extend the range of your legitimate signal. Encryption doesn’t help if the system can’t verify distance.
Real-World Relay Attack Statistics
This isn’t a theoretical risk. The numbers tell a clear story:
|
Statistic |
Source |
|
58% of UK car thefts involved keyless entry manipulation (2023–2024) |
Auto Express / Crime Survey for England and Wales |
|
70% of stolen vehicles in the UK taken via relay methods |
Association of British Insurers, 2024 |
|
Over 90% of tested keyless cars vulnerable to relay attacks |
ADAC (Germany), 2016–2024 testing |
|
Relay attacks account for 60% of vehicle thefts in London |
Metropolitan Police / GOV.UK |
|
Keyless car thefts in Toronto rose from 58% to 74% of all thefts (2020–2024) |
Toronto Police Service |
|
Over 1 million vehicles stolen in the US in 2023 (record high) |
NICB |
|
Relay devices available online for as little as $100–$200 |
BBC investigation |
The trend is unmistakable. In 2019, only 14% of UK car thefts used relay methods. By 2024, that number had quadrupled. North America is following the same trajectory as relay device kits become cheaper and more accessible online.
5 Ways to Protect Against Relay Attack Car Theft
Now for the part that actually matters. Here are five proven methods to protect your vehicle, ranked from basic to bulletproof.
1. Use a Faraday Pouch ($10–$25)
What it does: A Faraday pouch (or Faraday bag) is lined with metallic material that blocks radio signals. Drop your key fob inside, and it can’t broadcast — which means there’s nothing for thieves to amplify.
Pros: - Cheapest option available - Works immediately, no installation required - Effective when properly sealed
Cons: - You have to remember to use it every single time - Cheap pouches often leak signal (test yours by trying to unlock your car with the fob inside) - Wears out over time — the shielding degrades with use - Doesn’t protect you in parking lots (when the fob is in your pocket, not the pouch)
A quality Faraday pouch is a solid first line of defense, but it’s a behavioral solution — it only works if you never forget to use it.
2. Store Your Keys Away from Doors and Windows
What it does: Relay devices have a limited range for picking up your fob’s signal. Storing your keys in the center of your home (rather than on a hook by the front door) can put them out of reach.
Pros: - Free - Reduces signal availability
Cons: - Not a guarantee — higher-powered amplifiers can reach farther - Doesn’t help at all in public spaces - Easy to forget, especially with multiple family members
3. Disable Passive Entry in Your Car’s Settings
What it does: Some vehicles let you turn off the passive keyless entry feature through the infotainment system or dealer settings. This means you’d need to physically press the unlock button on your fob.
Pros: - Eliminates the passive signal entirely - No cost
Cons: - Not available on all vehicles - Sacrifices the convenience of keyless entry - Settings may reset after battery changes or dealer service - Still relies on the factory fob system, which has other vulnerabilities (signal jamming, code grabbing)
4. Add a Steering Wheel Lock ($30–$80)
What it does: A visible physical barrier that locks the steering wheel in place. Even if a thief gets into your car and starts the engine, they can’t steer.
Pros: - Strong visual deterrent — thieves prefer easy targets - Works regardless of electronic vulnerabilities - Relatively cheap
Cons: - Inconvenient to use daily - Can be defeated with enough time and the right tools - Doesn’t prevent entry or engine start — only steering
5. Replace Factory Keyless with Aftermarket RFID Ignition — The Nuclear Option
This is where the conversation shifts from “reduce the risk” to “eliminate it.”
Factory keyless entry systems use long-range radio signals (typically 30–100+ feet) because they’re designed for convenience — you shouldn’t have to dig for your keys. But that long range is exactly what makes relay attacks possible. If the signal travels far, it can be amplified farther.
Aftermarket RFID keyless ignition systems — like the Digital Guard Dawg iKey Premier — take a fundamentally different approach. They use short-range RFID technology (developed by Texas Instruments) that requires the authorized tag to be within inches of the receiver to authenticate.
You can’t relay a signal that only works at 2–3 inches. It’s physically impossible. A thief standing at your front door can’t amplify an RFID signal to someone standing at your car 50 feet away — the physics don’t work.
Here’s what makes DGD’s system different:
• Dual-Frequency Dual-Encryption (DFDE): Two layers of encrypted communication, not one
• Over 6 billion unique codes: Virtually impossible to clone or brute-force
• RFID, not RF: Short-range by design — the signal dies within inches
• Vehicle immobilizer: The car physically cannot start without the authenticated RFID tag present
• Works on almost any vehicle: From a 1967 Mustang to a 2024 Silverado
• No permanent modifications: Installs alongside your existing electrical system
The iKey Premier is DGD’s flagship system, offering passive keyless entry, push-button start, alarm, and immobilizer — all secured by RFID instead of the long-range RF your factory system uses.
Already have an aftermarket alarm or remote start (Viper, Compustar, etc.)? The PBS-X expansion module adds RFID push-button start and immobilizer capabilities to your existing setup.
Why Aftermarket RFID Beats Factory Keyless Security
Let’s break down the technical difference in plain language.
|
Feature |
Factory Keyless Entry |
DGD RFID System |
|
Signal Type |
RF (Radio Frequency) |
RFID (Radio Frequency Identification) |
|
Operating Range |
30–100+ feet |
2–3 inches |
|
Can Be Relayed? |
Yes — that’s the whole problem |
No — signal dies at inches |
|
Encryption |
Single-layer (varies by manufacturer) |
Dual-Frequency Dual-Encryption (DFDE) |
|
Unique Codes |
Varies (often millions) |
Over 6 billion |
|
Always Broadcasting? |
Yes — passive signal 24/7 |
No — only active at close range |
|
Immobilizer |
Software-based (can be bypassed via OBD) |
Hardware RFID immobilizer |
The core issue with factory keyless systems isn’t the encryption — it’s the range. A signal that’s designed to work at 30+ feet can always be extended to 100+ feet with the right equipment. DGD’s RFID approach solves this at the physics level, not the software level. There’s no signal to capture from a distance because the signal doesn’t exist at a distance.
This is also why DGD’s technology is trusted by law enforcement agencies, the US Special Forces, and even the Presidential Motorcade — applications where “good enough” security simply isn’t acceptable.
Frequently Asked Questions
Can a relay attack work on any keyless car? Yes. Any vehicle with passive keyless entry is theoretically vulnerable. ADAC testing found over 90% of keyless models they tested could be opened and started using relay devices. The brand or price of the car doesn’t matter — it’s the underlying technology that’s exploitable.
How far away can thieves relay my key fob signal? Standard relay kits work at distances of 30–100 feet. More advanced (and more expensive) setups can relay signals even farther. That’s why storing keys in the center of your home helps, but isn’t a guarantee.
Will wrapping my key fob in aluminum foil work? It might reduce the signal, but it’s unreliable. Foil doesn’t create a proper Faraday cage — there are gaps and inconsistencies. A purpose-built Faraday pouch is a better option, though even these should be tested regularly.
Does relay attack car theft set off my car alarm? No. Because the attack uses your real fob’s signal, the car treats the unlock and start sequence as completely authorized. No alarm is triggered.
Can thieves drive my car forever after a relay attack? Most keyless systems only check for the fob during startup. Once the engine is running, the thief can drive until the tank is empty. Some newer vehicles will display a “key not detected” warning after a while, but they generally won’t kill the engine while in motion for safety reasons.
What’s the difference between relay attacks and signal jamming? Signal jamming blocks your fob’s lock command so your car stays unlocked when you walk away (but it doesn’t start the engine). A relay attack extends your fob’s signal to both unlock and start the vehicle. They’re different crimes that exploit different weaknesses.
Is an RFID system like DGD’s hard to install? The iKey Premier comes with a 36-inch plug-in harness and is compatible with almost any vehicle. Many owners install it themselves, though professional installation is available. No permanent modifications to your vehicle are required.
Don’t Wait for a Relay Attack to Happen to You
Relay attack car theft isn’t slowing down. The devices are getting cheaper. The tutorials are all over the internet. And factory automakers are years behind in fixing the fundamental vulnerability.
You can spend $15 on a Faraday pouch and hope you never forget to use it. You can disable your keyless convenience features. You can add a steering wheel lock.
Or you can eliminate the vulnerability entirely with an RFID-based ignition system that’s physically immune to relay attacks.
Check out the iKey Premier or PBS-X at Digital Guard Dawg and replace your biggest security weakness with military-grade RFID protection.
