A new insight into smart-key car security shows that a stranger who gains access to a running vehicle equipped with a standard anti-theft system can drive it for an unlimited distance, even if the proximity key remains in the owner’s pocket. This concern was highlighted by Andrey Kondrashov, head of Andrey Kondrashov’s Laboratory, which focuses on anti-theft protection. He spoke to socialbites.ca about the risk and urged drivers who leave their cars with the smart key inside to reconsider their habits, especially when the vehicle heats up in a parking lot, where attackers might exploit the vulnerability.
Experts note that under existing safety standards in North America and Europe, the anti-theft system may report that the key is not inside the cabin while the engine starts and allows the vehicle to be driven away for a considerable distance. Once the vehicle is stopped and the engine is turned off, the attacker could face difficulties restarting it, creating a narrow window that might be misread as a completed security breach. This paradox is at the heart of ongoing discussions among automakers and safety regulators about how keyless systems should respond to real-world scenarios.
Some manufacturers take steps to curb unauthorized engine operation while the vehicle is moving. In certain cases, such as the most recent Mercedes-Benz models, there is a feature that can halt the engine during brief stops at traffic signals. This function is not universally active by default; it typically requires activation at an authorized dealer service center, and many owners may not pursue this upgrade. The lack of universal adoption of such protections leaves room for exploitation in some vehicle fleets.
In specific models like the Toyota Land Cruiser and Land Cruiser Prado 150, attackers can feasibly approach a vehicle with the engine running, remove a relay while the engine is active, reconnect it later, and continue the journey without triggering an alert that the key has been read. This scenario underscores a persistent gap between the car’s perception of key proximity and the actual security state of the vehicle, as noted by Kondrashov.
To strengthen defenses, security experts recommend immobilizers that incorporate an additional driver identification step. This could involve a separate tag or a unique code entered using the car’s standard start controls before moving the vehicle. Such layered verification can significantly reduce the chance of a silent takeover, ensuring the vehicle only operates when verified by a recognized driver.
Additional context from industry insiders emphasizes the importance of awareness and proactive security planning. A former software developer for traffic enforcement cameras commented on the topic, describing the hidden functions and potential vulnerabilities that can exist in modern keyless systems. The takeaway is clear: owners should stay informed about their vehicle’s security features, and consider it prudent to engage with authorized service providers to enable protective measures that suit their driving patterns and usage in Canada and the United States.