SoK: Stealing Cars Since Remote Keyless Entry Introduction and How to Defend From It
Tommaso Bianchi, Alessandro Brighente, Mauro Conti, Edoardo Pavan
TL;DR
The paper addresses the security of Remote Keyless Entry and Passive Keyless Entry systems by systematically surveying historical and modern attacks and defenses. It adopts a comprehensive methodology across major security venues to map cryptanalytic, relay, and web-based threats to current and emerging technologies (NFC, BLE, UWB, APIs). The key contributions include a consolidated taxonomy of attacks and defenses, an assessment of their deployability in real-world vehicles, and guidance for future work, emphasizing open standards and auditing. The findings reveal that while cryptographic hardening has reduced some risks, relay and RollJam attacks persist, and the expanded attack surface from web connectivity and new keys technologies necessitates robust, standards-driven defenses with industry collaboration.
Abstract
Remote Keyless Entry (RKE) systems have been the target of thieves since their introduction in automotive industry. Robberies targeting vehicles and their remote entry systems are booming again without a significant advancement from the industrial sector being able to protect against them. Researchers and attackers continuously play cat and mouse to implement new methodologies to exploit weaknesses and defense strategies for RKEs. In this fragment, different attacks and defenses have been discussed in research and industry without proper bridging. In this paper, we provide a Systematization Of Knowledge (SOK) on RKE and Passive Keyless Entry and Start (PKES), focusing on their history and current situation, ranging from legacy systems to modern web-based ones. We provide insight into vehicle manufacturers' technologies and attacks and defense mechanisms involving them. To the best of our knowledge, this is the first comprehensive SOK on RKE systems, and we address specific research questions to understand the evolution and security status of such systems. By identifying the weaknesses RKE still faces, we provide future directions for security researchers and companies to find viable solutions to address old attacks, such as Relay and RollJam, as well as new ones, like API vulnerabilities.
