A new pattern of vehicle theft has appeared in the U.S.A. Thieves are unlocking the car using the no-touch keyless entry system. Thieves walk up to the passenger door of the target vehicle which then unlocks. The thief enters and drives away.
Some security experts have speculated that the criminals are recording the unlock codes continuously transmitted from no-touch keyless entry fobs. These are transmitted to an accomplice which replays the codes to unlock the car.
In some ways this is similar to early days of keyless entry when the criminal would stalk the car owner as they locked the car, recording the wireless signal. This would be replayed to unlock and steal the car.
One way to improve security may be to stop the no-touch keyless entry fobs from transmitting the unlock code all the time. The key fob could be redesigned to transmit the unlock code only after receiving a coded instruction from the vehicle. The vehicle would then only accept the unlock code within a narrow time window.
Better would be for the car to signal the key fob to use the next key-code for the Rolling Code calculation. This effectively establishes transmission of a new key so that the unlock code can be transmitted securely and circumvent man-in-the-middle replay attacks.
This strategy will improve security against the current threat. Ultimately vehicle theft can not be entirely eliminated. The greatest impact on car theft has been massive drop in the resale value of vehicles and parts. The reward is no longer big enough for the risk taken for most criminals.
It will be interesting to see what the car makers come up with.