Nowadays, many motor vehicles are equipped with a hands-free access and starting system. Such a system includes an access device, for example a key, a fob or a mobile telephone, carried by the user of the vehicle, and a starting and access control module on board the vehicle that is configured so as to communicate on a wireless communication link with said access device so as to authenticate it and authorize unlocking and locking of the opening elements of the vehicle and starting of the engine.
As is known, the control module periodically transmits a broadcast signal via an antenna. When the user carrying the access device approaches the vehicle in order to unlock it, the broadcast signal is captured via its antenna by the access device, which responds to the control module by sending it an authentication message comprising its identifier. When the identifier is valid and the user carrying the access device comes into contact with a predetermined zone of the vehicle, for example when he places his hand on the handle of the driver's door, which is equipped with an approach detection sensor, the control module unlocks the opening elements of the vehicle and authorizes starting of the engine.
Such a wireless communication system may be subject to attacks allowing an unauthorized person to enter into the passenger compartment or even to start the engine of the vehicle. One type of known attack, called relay attack, allows a thief to unlock the opening elements of the vehicle while remaining at a distance therefrom, for example of more than 10 meters. More precisely, the thief triggers sending, by the access device, of an authentication message that it relays to the control module so as to unlock the vehicle and then start the engine. This relay may be performed on a UHF (ultra-high-frequency) communication link, which is operational up to for example 100 meters.
A first type of relay attack may be performed using an attack device comprising two radio antennas connected to one another via a coaxial cable. When one of the antennas is presented close to the door of the vehicle, it captures the broadcast signal transmitted by the antenna of the control module. This magnetic field excites the first antenna of the attack device, which creates, through induction, an electrical signal that propagates in the coaxial cable. When this signal is received by the second antenna of the attack device, the latter generates an omnidirectional magnetic field. This radio field then excites the antenna of the access device, which demodulates the signal and sends the vehicle an authentication message allowing opening of the opening elements and starting of the engine.
A second type of relay attack may be performed with a wireless attack device comprising two radio antennas, a transmitter and a receiver. The transmitter captures the broadcast signal transmitted by the antenna of the control module so as to convert it into radio waves, for example at 2.5 GHz, and then amplifies it in order to transmit it to the receiver. The receiver receives this signal, converts it and sends it to the antenna of the access device. The access device responds to this signal with an authentication message that the attack device transmits to the control module, which then unlocks the opening elements and authorizes starting of the engine.
One known solution for combating such relay attacks involves equipping the access device with a motion sensor that makes it possible, in the event of a prolonged absence of motion, for example after a few minutes, to deactivate said access device, the latter not being a priori about to be used. Thus, when it is deactivated, the access device is not able to respond to a relay attack. The access device is then reactivated when motion is detected, for example when a user picks it up.
The access device may however be immobile even though it is necessary to be able to start the engine. This may be the case for example when a user leaves the access device in the vehicle and does not start the engine for a few minutes, for example when he is on the telephone. In this case, the access device deactivates in the absence of motion, then preventing the user from starting the engine unless the access device is moved again, which constitutes a major drawback.