Car theft with transponder: Mercedes, Porsche escape class action lawsuit

Contents

14 car manufacturers have to face a class action lawsuit in Quebec on behalf of (former) car owners, four manufacturers escape the trial. The reason for this is the frequent car thefts in which thieves exploit a disadvantage of many electronic car keys: their susceptibility to relay attacks. The radio signal of the real car key is transmitted through intermediate repeaters, and the thief can drive away with the car even if the key is not in the intended vicinity of the car.

This is what happened to Canadian André Lacroix in 2022: his 2018 Toyota Highlander was in front of the house, the key was in the house, then the car was gone. The victim says that the manufacturers have known about the problem for years, but have not warned customers and have not taken any countermeasures or waited too long to do so. In addition, it is often possible to start cars via the OBD computer interface without a key or relay attack, which also makes it too easy for thieves.

Lacroix is demanding a mass recall on behalf of all Québecois affected: manufacturers should have to improve the security systems of the vehicles in circulation. In May of last year, the man sued 18 car manufacturers and applied for certification as a class action (Lacroix c Toyota, Cour Supérieure, District Québec, Ref. 200-06-000261-241).

14 to 4

This week, the competent judge ruled that 14 of the manufacturers must face the main proceedings: Toyota, Audi, BMW, FCA (Fiat-Chrysler), Ford, Honda, Hyundai, Kia, Nissan, Mazda, Mitsubishi, Subaru, Volkswagen and Volvo.

However, four manufacturers were able to convince the judge that they were not responsible for the allegations, which is why the judge rejected the application in respect of these companies: General Motors, Mercedes, Land Rover Jaguar and Porsche. They apparently referred to warnings in the manual, explained that starting via the OBD connection alone does not work and that their car keys shut down after two minutes, which means that the relay attack no longer works.

BMW also argued the latter, but apparently did not succeed; however, the Bavarians could still succeed in the main proceedings. Toyota's argument that it does not produce keys itself did not fall on fertile ground with the judge, nor did Toyota's argument that the technology required for relay attacks is illegal. Of course, the technology installed varies between different models and model years, so the final judgment will probably have to make appropriate distinctions.

23,000 thefts in the first half of the year

For Québecois for whom a recall would come too late because their vehicle was stolen in the three years before the lawsuit was filed, the lawsuit is demanding 1,500 Canadian dollars (currently around 945 euros) in damages. The lawsuit estimates that this affects around 10,000 people. The amount demanded is not based on the damage incurred, but apparently on hypothetical additional premiums for several years of theft insurance. In addition, the defendant manufacturers are to pay the same amount as punitive damages; this money would go to a consumer protection organization.

The lawsuit does not cover car models that work with UWB radio (ultra-wideband). These systems effectively check how close the key really is.

In 2016, Canadian insurers had to process cover claims for stolen cars amounting to 89 million dollars; by 2022, this figure had risen to 372 million dollars. Gangs mainly target more expensive cars, which are dismantled into parts, sold with new chassis numbers or quickly shipped to Africa in containers. On a positive note, car thefts in Canada fell by 19 percent in the first half of 2025. However, more than 23,000 thefts were still reported, a three-digit figure per day. Incidentally, the Highlander is particularly popular with criminals.

Rapid relay attacks

With conventional "Keyless Go" keys, the owner can open the vehicle without taking the key out of their pocket. To do this, the car continuously measures the reception level of the key radio signal. If it is sufficiently high, it assumes that the key is within a maximum radius of ten meters and unlocks the doors when one of the handles is pulled.

Cryptographic processes ensure that the car only listens to the correct key. Some of them can be cracked, but only with considerable effort. The far greater weakness is that the car cannot check whether the measured reception level is plausible.

This is why cars with keyless-go technology are amazingly easy to open and even hijack: Pairs of thieves transmit the signal of a remote key to the car using simple analog radio bridges. A perpetrator approaches the key to within a few meters, for example by walking to the front door from outside. There he picks up the key signal with a relay hidden in a briefcase, for example. The relay amplifies the signal so that it can bridge several dozen meters to the second relay and from there to the car. The vehicle measures a strong radio signal, believes the key is in the immediate vicinity and therefore allows the car to be opened, started and driven away.

(ds)