how-relay-attacks-steal-keyless-cars – LOCKCAR

YOUR CAR

CAN BE STOLEN

in under 60 seconds with no alarm triggered

Find Out How to Protect Your Vehicle
Technical Guide · 2026

How relay attacks steal keyless cars in under 60 seconds

No alarm. No broken window. No key. Your car is gone before you hear anything. Here’s exactly how it works — step by step — and what actually stops it.

By Victor, LockCar · Updated March 2026 · 8 min read

A relay attack doesn’t bypass your factory security. It makes it irrelevant. Two cheap devices, two people, sixty seconds. Your car drives away and you won’t know until morning.

What is a relay attack?

A relay attack is a theft technique that amplifies your car key’s signal across a distance it was never designed to travel. Your keyless entry system was designed to work when the key is within about a metre of the car’s receiver. A relay attack makes the car think the key is right there — when it’s actually 20–50 metres away, inside your house.

The result: the car unlocks, the engine starts, and the theft is electronically indistinguishable from you walking up with your key. No alarm triggers. No unusual signal is detected. No forensic evidence is created.

£50cost of relay attack equipment — available online
60stypical time from approach to driving away
70%of UK keyless vehicle thefts use this method

Step by step: exactly how it happens

1

Thief 1 approaches your front door or window

Armed with a relay receiver, they position it near your door — close enough to pick up the signal from your car key inside the house. Most modern key fobs transmit a continuous low-level signal that can be captured through walls and doors.

2

Thief 2 stands next to your car with a relay transmitter

The second device receives the amplified key signal from Thief 1 and retransmits it to the car’s door handles and engine immobiliser receiver. The car sees a genuine key signal at close range.

3

The car unlocks and the factory immobiliser is satisfied

Because the signal is genuine — it’s your actual key’s transmission, not a clone — the factory immobiliser verifies it as valid. The door unlocks. The engine is authorised to start.

4

Thief 2 starts the engine and drives away

The entire process takes 30–90 seconds. No alarm has triggered. No window has been broken. No key has been cloned. Your car is simply gone.

Which cars are most vulnerable?

Any car with keyless entry — where you don’t have to press a button on the key fob to unlock the door — is potentially vulnerable to a relay attack. The vulnerability is in the architecture of keyless entry systems, not in any specific manufacturer’s implementation. Common targets include Range Rover (all models), BMW 3-7 series, Mercedes C and E class, Ford Fiesta and Focus (newer keyless models), Volkswagen Golf, and most Toyota/Lexus models with smart key.

What doesn’t stop a relay attack

Faraday pouches — partially effective

A Faraday pouch blocks signal while the key is in it. But the moment you pick it up or take it out of the pouch, full vulnerability resumes. And many people forget to use them consistently.

Steering wheel locks — do not prevent relay attacks

A steering wheel lock prevents the car being driven — after it’s been unlocked and started via a relay attack. It may slow a thief down, but the car is already compromised. It also doesn’t prevent flat-bed tow theft.

Storing keys in the fridge — unreliable

Steel and electrical interference can reduce key signal — but refrigerator materials vary enormously and this is not a reliable technical countermeasure. It is folk wisdom, not engineering.

What actually stops a relay attack

The only reliable technical countermeasure for a relay attack is a second layer of security that operates independently of the key system. Even if the relay attack perfectly replicates your key’s signal, it has no effect on a physical circuit that has been broken at the relay immobiliser level.

A relay attack convinces your car that the key is present. Your car then does everything it’s designed to do — unlock, authorise start. The relay attack has won against your factory security. But it hasn’t won against a 20A relay that has physically broken the fuel pump circuit. No key signal — relayed or genuine — can close a physically open relay. That is the engineering reason why relay immobilisers stop relay attacks where factory security does not.

How LockCar protects against relay attacks

Every LockCar immobiliser places a physical relay in an engine circuit. When armed, the circuit is open — the engine cannot start regardless of what key signal is presented. Disarming happens hands-free via a proximity tag (the IC3ST and IS357) — as you walk up to the car, it disarms automatically. No PIN to enter. No button to press. The car works exactly as normal — but a thief without the tag gets nothing.

Stop relay attacks — UK-wide professional installation

LockCar relay immobilisers from £139

Physical relay. Proximity tag. Zero ECU contact. The relay attack has no answer to a broken circuit.

Shop immobilisers → WhatsApp for advice
From £139product only
from £300 fitted

Remote

Immobiliser

4G

Dashcam

GPS

Tracker

Car

Alarm

Mobile

APP

Fleet

Platform