Passive entry and/or passive start (PEPS) systems include a portable remote controller and a base station. The remote controller, for instance, a key fob (“fob”), is carried by a user. The base station is at a target device such as a vehicle. The fob and the base station wirelessly communicate with one another for remote control of the target device.
Passive entry functions provided by a vehicular PEPS system include automatically unlocking vehicle doors when an authorized fob is brought into the vicinity of the vehicle. The PEPS system may detect for an authorized fob in response to a vehicle door handle being touched. Passive start functions provided by a vehicular PEPS system include automatically starting the vehicle upon a user in possession of the authorized fob pressing a start button near the driver's seat.
A “relay attack” is a process for deceiving a vehicular PEPS system. A relay attack is typically carried out by two thieves while the vehicle user is remotely located away from the vehicle. Each thief has a transceiver. A first thief stands next to the vehicle. The second thief stands near the vehicle user, whom is carrying an authorized fob. The relay attack begins with the first thief actuating the door handle or pressing the start button. The base station of the PEPS system responds by transmitting a short range communication pursuant to the ordinary authorization process. Unlike the first thief transceiver, the fob is too far away to receive the communication. The first thief transceiver relays the communication to the second thief transceiver. The second thief transceiver retransmits the communication to the fob. The fob responds by replying with authorization information. The second thief transceiver relays the authorization information to the base station. In turn, the base station causes the door to be unlocked or the vehicle to be started. A relay attack thus includes relaying short range PEPS communication over a relatively long distance without permission of the vehicle user.