The most effective way to prevent a relay attack is to block your key fob’s signal when you’re not using it, either with a Faraday pouch or by putting the fob to sleep. Relay attacks work by capturing the radio signal your key fob constantly broadcasts and extending it to your car, tricking the vehicle into thinking you’re standing right next to it. A UK car tracking company reported that 80% of all stolen and recovered vehicles in 2017 were taken without using the original keys, and relay attacks are a major driver of that trend.
The good news: relay attacks exploit a simple weakness (your fob broadcasting all the time), and every layer of defense you add makes the attack harder, slower, or not worth the effort.
How Relay Attacks Work
Your keyless entry fob continuously emits a low-power radio signal. When you walk up to your car, the car detects this signal and unlocks. In a relay attack, two thieves work as a team. One stands near your front door with a device that picks up your fob’s signal from inside your house. The other stands near your car with a second device that rebroadcasts that signal. Your car “hears” what it thinks is your key fob and unlocks. The engine starts the same way.
The entire process takes seconds and leaves no sign of forced entry. The same principle applies to contactless payment cards, where NFC signals designed to work within 4 cm can be intercepted and relayed to a payment terminal elsewhere. The core vulnerability is the same in both cases: the system verifies the signal but can’t verify the physical distance between the two devices.
Block the Signal With a Faraday Pouch
A Faraday pouch (or Faraday bag) is a small lined container that blocks radio signals from escaping. When your key fob is inside, it can’t broadcast, and there’s nothing for an attacker to relay. Purpose-built pouches offer over 85 dB of signal attenuation across a wide frequency range, which is more than enough to silence the 315 MHz and 433 MHz frequencies most key fobs use.
You can test any Faraday pouch by placing your fob inside it and then trying to unlock your car. If the car doesn’t respond, the pouch is working. This takes five seconds and is worth doing when you first buy one, since cheap pouches with poor stitching or worn lining can leak signal over time.
Some people wrap their fob in aluminum foil as a free alternative. Foil does attenuate radio signals, but it needs to completely surround the fob with no gaps. A loose wrap or a fold that creates a point can actually act as an antenna rather than a shield. It works in a pinch, but a dedicated Faraday pouch is more reliable for daily use.
Use Your Fob’s Built-In Sleep Mode
Many modern key fobs have a motion sensor that puts the fob to sleep after a period of stillness. On BMW models, for example, the fob stops emitting signals after 2 minutes of sitting motionless. Once asleep, the fob can’t be relayed because it isn’t broadcasting anything. It wakes up again when you pick it up and move it.
This is your first line of defense at home, where most relay attacks happen (typically late at night, with the fob sitting on a table near the front door). If your fob has this feature, avoid placing it somewhere it might get jostled, like a hook on a door that vibrates when the door moves. A shelf or drawer further inside the house is better. Even without a sleep mode, simply increasing the distance between your fob and your front door reduces the chance an attacker’s device can pick up the signal.
Disable Keyless Entry in Your Car’s Settings
Some manufacturers let you turn off the passive keyless entry system entirely. On Ford vehicles, for instance, you can navigate to Vehicle Settings, then Locks, and toggle “Intelligent Access” off. With this disabled, you’ll need to press the button on your fob to unlock, which means the car only responds to an active signal you deliberately send rather than the passive broadcast that relay attacks exploit.
Check your owner’s manual or infotainment system for similar options. The feature may be called “keyless entry,” “passive entry,” “intelligent access,” or “comfort access” depending on the brand. Turning it off does mean you lose the convenience of walk-up unlocking, but it completely eliminates the relay attack vector for entry.
Why Rolling Codes Don’t Solve the Problem
You might assume your fob’s encrypted signal protects you. Most modern fobs use rolling codes, where the transmitted code changes with every button press so an old code can’t be reused. This effectively stops replay attacks, where a thief records your signal and plays it back later. But relay attacks don’t record and replay anything. They forward your live, valid signal in real time. The encryption is intact, the code is fresh, and the car accepts it. Rolling codes were never designed to verify distance, only identity.
UWB Technology and Distance Verification
The real fix for relay attacks is a technology called Ultra-Wideband, or UWB. Instead of just checking whether the signal is valid, UWB measures how long the signal takes to travel between the fob and the car. Since radio waves travel at the speed of light, the system can calculate the exact distance between the two devices. If the fob appears to be further than a few meters away, the car refuses to unlock, even if the signal itself is perfectly valid.
This approach, known as distance bounding, requires the fob and car to exchange rapid challenge-response signals. The system times these round trips with nanosecond precision, making it extremely difficult for a relay device to fake proximity. A relay adds measurable delay because the signal has to travel the extra distance to and from the attacker’s equipment.
Several newer vehicle models from Apple CarKey-compatible brands and select European manufacturers now include UWB. If you’re shopping for a new car and relay attacks concern you, look for UWB-based keyless entry in the spec sheet. It’s the most robust technical countermeasure currently available.
Protecting Your Car After Entry
A relay attack gets a thief into your car and lets them start the engine, but there are ways to make the car harder to actually steal even after that point. One common post-entry theft method involves plugging into the OBD port (a diagnostic connector under your dashboard that has power even when the car is off) and using it to program a new key fob, effectively giving the thief their own legitimate key.
An OBD port lock is a physical cover that prevents access to this connector. Look for one that uses a tumbler lock rather than a security torx bit, since torx bits are common tools that won’t slow anyone down. Another option is removing the fuse that powers the OBD port. On some vehicles, this is a single fuse in the cabin fuse panel. Check your manual to identify which fuse it is and whether removing it affects other systems.
A steering wheel lock is another physical deterrent. It won’t prevent a relay attack from unlocking or starting your car, but it prevents the car from being driven away, which is ultimately what matters. Layering a signal-blocking measure with a physical theft deterrent is the most practical strategy: the Faraday pouch stops the relay, and the steering lock or OBD lock provides a backup if it fails.
Protecting Contactless Payment Cards
Relay attacks on NFC payment cards work on the same principle as car key attacks, but they’re harder to pull off in practice. NFC is designed to operate at less than 4 cm, and payment transactions use dynamic data that changes with each tap. An attacker would need to relay your card’s signal to a payment terminal in real time while you happen to have the card close enough to their hidden reader.
RFID-blocking wallets and card sleeves add a Faraday-style shield around your cards, preventing any signal from being read while the card is stored. Whether this level of caution is necessary depends on your risk tolerance. Contactless payment fraud through relay attacks is far less common than vehicle theft, partly because payment systems have transaction limits and fraud detection that flag unusual activity quickly.