Car theft by hackers reaches Brazil after becoming epidemic in Europe
RIO DE JANEIRO, BRAZIL – A little over two years ago, UOL Carros alerted to the explosion of a new type of vehicle theft in the UK and Europe: hackers took advantage of a security vulnerability in the “keyless” system to open the door, start the engine and steal cars equipped with this technology in seconds.
At the time, we talked to a Brazilian living in London who had his Land Rover stolen in front of his house this way. Today, the criminal practice has already reached Brazil, where there are reports of new victims practically every week.
A RecordTV report broadcasted on April 3 shows the theft of two Jeep Compass units equipped with key sensors.
The fifth best-selling vehicle in Brazil, Jeep’s SUV, is not the only model subject to this type of theft, called “relay attack” by experts.

The bandits always act in pairs: the first one carries in his backpack a device that “steals” the code from the on-site key and transmits it to another device, which can be a smartphone with specific software. With this device, the second bandit, positioned next to the car, can unlock the doors, enter the cabin, and escape with the car.
It all happens quickly, without the victim realizing it, and the practice requires equipment that is easily purchased on the Internet for a relatively low price.
“I am sure that this is just the beginning of something that will become much bigger in Brazil. The number of vehicles vulnerable to this technique is already large in the country and will grow. Today it is easier to steal a keyless car than a conventional one, which encourages this type of criminal activity,” says Ricardo Tavares, a cybersecurity specialist.
A KEY INSIDE A HOUSE WAS CLONED IN LONDON
In one of the cases broadcast by RecordTV, the owner of a Jeep Compass parks in front of a bakery in São Paulo. He enters the store to do some shopping, and with the SUV key in his pocket, he does not notice the approach of a criminal with a backpack – there is the equipment used to clone the signal. As soon as he receives the code, the other bandit, already positioned next to the vehicle, opens the door, starts the engine, and escapes.
In the case of the Brazilian man mentioned at the beginning of this article, the theft occurred when the key was inside his own home.
“The key was in the living room, and they managed to trace the signal and unlock the doors. When you stop the vehicle in front of a bar, for example, hackers can capture the signal of the key that is in your pocket to steal the car while you are at the bar,” said Rafael Narezzi, digital security specialist, in the story published by UOL Carros in 2020.
A London resident for 18 years, he managed to recover his 2018 Land Rover Discovery about 30 minutes after the theft, parked just over a mile from home.
The day before the theft, a security camera from the property next door caught two men wearing jackets and helmets, alongside a sports bike, moving around in broad daylight in front of his residence.
VULNERABILITY MAY VARY
Personal keys use a radio signal emitted by pulses, communicating all the time with sensors installed in the vehicle.
This signal contains a security code that must be recognized by the car to open the doors and start the engine.
According to Ricardo Tavares, the technology used today by automakers has the same principle; however, some brands add additional “layers” of security and encryption.
“There are cars that randomly generate a new code every time the car is locked. Others keep the same one indefinitely. Therefore, if a vehicle is recovered after this type of theft, I recommend asking a dealership to re-encode the respective key.”
In Tavares’s view, this makes some keyless models less susceptible to signal cloning than others.
“The responsibility lies with the automakers, some of which have been offering insecure face-to-face keys.”
Questioned about the cases shown by RecordTV, Stellantis, owner of the Jeep brand, informs that “the presence key system with remote control for opening doors and windows is the same used by other brands and automotive groups worldwide. We are not aware of any flaws in the technology, but we are investigating to understand if there were any problems.”
GPS SCRAMBLER
Once in possession of the vehicle, the bandits use another device, called a “jammer,” to prevent cars equipped with a tracker from being located. The equipment “scrambles” the tracking signal, explained Rafael Narezzi.
“This shows how criminals are evolving in the digital world. They can take even cars with tracking services.”
In the case of the London resident, the “jammer” was used, but for a brief period, and he was able to recover his vehicle shortly after the theft.
“First, they scramble the tracking signal to have no record of the route taken. It happens for a brief period. Then they abandon the car in a public place, but without much traffic, and wait to see if no one will pick it up. If not, they remove the tracking equipment and arrange all the logistics for the car to be taken for sale.
HOW TO AVOID IT
There is a relatively simple and cheap solution to prevent such attacks. You can buy a kind of case on the Internet in which you put the vehicle key inside. It blocks the radio signal emitted by the key, preventing hackers from ‘stealing’ the code.
Another solution, which is even more accessible, is to wrap the key with aluminum foil, says Ricardo Tavares.
Read More from The Rio Times