How cars get hacked? - Explained by Aadarsh

Author: Aadarsh - from Techno world

As technology improves and everything goes digital, more of it becomes hackable; no system is safe. Here we discuss two specific keyless-entry attacks: the replay attack and the RollJam attack.

Replay attack

Earlier cars worked on a single fixed code: the key sent the same signal to lock and unlock the car. The signal is sent at a particular frequency, where a high frequency means 1 and a low frequency means 0. But with more technology comes more threats. Hackers found a way to capture these signals mid-air and read them. Suppose you go to a particular restaurant every week. As soon as you press the key, your car unlocks and you simply carry on with your business. You keep doing this for a long time. A hacker sees this as a good chance to steal your car: he sits nearby and waits for you to unlock it. To you, the car simply opened. But in reality the hacker captured that transmission, and now he can replay it as if it came from your key, and your car gets stolen.

You can see the problem here. Engineers came up with a new method in which the code changes each time.

RollJam attack

The RollJam attack is used in such cases. It is not a 100% working method and works on very few cars, as most companies have solved the issue. I will explain how it works and how companies solved it.

To unlock the car, the key uses a specific code list, which looks like this:

CODE LIST IN KEY

8bit_initializer + 112bit_code1 + 8bit_code
8bit_initializer + 112bit_code2 + 8bit_code
8bit_initializer + 112bit_code3 + 8bit_code
8bit_initializer + 112bit_code4 + 8bit_code

CODE LIST IN CAR

8bit_initializer + 112bit_code1 + 8bit_code
8bit_initializer + 112bit_code2 + 8bit_code
8bit_initializer + 112bit_code3 + 8bit_code
8bit_initializer + 112bit_code4 + 8bit_code

This is what the codes look like. As soon as the owner presses the key on the remote, the car unlocks. In both the key and the car, the first code is removed after the first unlock.

For example, code 1 is removed first: 8bit_initializer + 112bit_code1 + 8bit_code

Then the next code works, and it too is removed from the code list after it has been used.

Now, as you can imagine, the key and the car cannot actually store this whole list; it would be a storage problem, since there are 5192296858534827628530496329220096 possible combinations (which is simply 2¹¹² or 5 Quintillion). Instead, a specific algorithm generates the code each time. Hence it is practically impossible to brute-force these codes.
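To make the rolling-code idea concrete, here is an added example (not code from the post) simulating a key fob and a car that derive each code from a shared secret and a press counter instead of storing a list, and showing why a captured code cannot be replayed once the car has moved past it. HMAC-SHA256 as the generator and the 16-press lookahead window are my assumptions; the post does not name the manufacturer's algorithm.

```python
import hmac
import hashlib

# Constructed demo value: the secret both the fob and the car are provisioned with.
SECRET = b"constructed-demo-secret"


def make_code(secret: bytes, counter: int) -> bytes:
    """Rolling code for one press: keyed hash of the press counter, truncated to
    112 bits (14 bytes) to match the code length in the post. HMAC-SHA256 is an
    assumption standing in for the manufacturer's algorithm."""
    return hmac.new(secret, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:14]


class KeyFob:
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def press(self) -> bytes:
        code = make_code(self.secret, self.counter)
        self.counter += 1          # the fob never emits the same code twice
        return code


class Car:
    def __init__(self, secret: bytes, window: int = 16):
        # window: how many presses made out of range the car tolerates (assumption)
        self.secret, self.counter, self.window = secret, 0, window

    def receive(self, code: bytes) -> bool:
        # Accept only a code whose counter is at or ahead of ours, within the window,
        # then advance past it so every earlier code (including a replayed one) is dead.
        for offset in range(self.window):
            expected = make_code(self.secret, self.counter + offset)
            if hmac.compare_digest(code, expected):
                self.counter += offset + 1
                return True
        return False


def demo() -> tuple:
    fob, car = KeyFob(SECRET), Car(SECRET)
    first = fob.press()
    fresh = car.receive(first)            # True: first code is accepted
    replayed = car.receive(first)         # False: car has rolled past it
    nxt = car.receive(fob.press())        # True: the next code works
    for _ in range(3):
        fob.press()                       # presses made out of range of the car
    resync = car.receive(fob.press())     # True: still inside the lookahead window
    return fresh, replayed, nxt, resync
```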

In earlier cars only the single-code system was used, so a replay attack was enough to crack it. Now the system has changed. Suppose you own a car and you press the button to unlock it, but it doesn't unlock. You will certainly press the button again, and this time it opens. This is where the HackRF comes into action. Now cars work on a broader spectrum. (The HackRF is the device attached to your car.)

Suppose the band is 400 MHz to 500 MHz, because the key can send the code on different frequencies depending on weather, battery, temperature, etc. As the name suggests, the RollJam attack jams and rolls. As soon as the button is pressed it jams the car on that band, so the car is blocked from hearing the key, but the HackRF records the key's code. Being a normal human, you think "oh, it didn't work, let me try again." You press the button again, and this time the HackRF sends the previously recorded code to the car and your car opens. You use your car for a few days, but each time you press the button the previous code gets sent. One day the hacker comes, reads that extra code, and replays it. Your car is open now, and then it's missing.

How companies solved it

They used two different algorithms to lock and unlock the car. Each code now uses the opposite algorithm from the code before it. Hence it is nearly unhackable. For example:

Code 1: 001101... (regular key)
Code 2: 100100... (different algorithm key)
Code 3: 010111... (regular key)
Code 4: 010101... (different algorithm key)

Note: the keys above are just an example; in reality they will be different and much longer encrypted values.

As of now this method seems quite promising, as no method has been found yet to bypass or crack it. I would like to end with a famous quote: "No system is safe!"
