Home Keyless Gone

Keyless Gone

The English article is heavily under construction. For more details please visit the German version.


  • Locks that do not require user interaction are generally insecure.
  • The Chaos Computer Club Aachen demonstrates a simple and cheap device for opening Keyless Go / Keyless Entry cars with a large distance to the key.


Keyless Go and Keyless Entry Systems allow a driver to open and start a vehicle without his or her interaction. In theory this should only be possible if the key is in a very close range to the the car‘s sensors, for example in the driver‘s pocket or handbag. Unfortunately the distance „measurement“ is often if not always based on the strength of low frequency (LF, in our test case 125kHz) probing signals from the car, that can easily be relayed over long distances.

This is a well kown but broadly ignored security flaw. To spread the knowledge and increase the manufacturer‘s motivation to fix this problem, we built a practical ~90€ attack tool on Keyless Go / Keyless Entry Systems. It allows the attacker to easily open and start the car, even if the key is out of range, by relaying the LF signal.


  • Authors: mrq, bibor
  • Questions, comments and criticism to pwnmyride AT aachen.ccc.de