Vulnerability Assessment of Vehicle Keyless Entry Systems Using the PTES Methodology
DOI:
10.29303/jppipa.v11i8.11887Published:
2025-08-25Downloads
Abstract
The growing adoption of keyless entry systems in motor vehicles introduces new challenges in the security of radio-based communication. This study aims to identify and evaluate the vulnerability level of the keyless entry system on the Honda PCX 150 motorcycle against two types of man-in-the-middle-based attacks: replay attack and relay attack. Using the Penetration Testing Execution Standard (PTES) methodology, the study establishes a seven-stage testing procedure, from pre-engagement to reporting. Experiments were conducted using Flipper Zero as the main device, supported by GNU Radio, Software Defined Radio (SDR), and Universal Radio Hacker (URH). Each type of attack was tested 25 times. The results showed a 44% Success rate for the replay attack and 48% for the relay attack. Further analysis revealed that Success occurred not only on repeated frequencies but also on single-occurrence frequencies, with effectiveness rates of 50% and 45%, respectively. These findings indicate the absence of security mechanisms such as rolling code, time or location-based validation, and frequency hopping, allowing intercepted signals to be accepted by the vehicle. The study concludes that the Honda PCX 150's keyless entry system has significant security gaps, potentially exploitable using passive tools. It recommends the implementation of dynamic authentication mechanisms and cryptographic technologies to enhance the security of vehicular radio signal transmissions.
Keywords:
keyless entry Penetration testing Relay attack Replay attack VulnerabilityReferences
Alhamed, M., & Rahman, M. M. H. (2023). A systematic literature review on penetration testing in networks: future research directions. Applied Sciences, 13(12), 6986. https://doi.org/10.3390/app13126986
Alrabady, A. I., & Mahmud, S. M. (2005). Analysis of attacks against the security of keyless-entry systems for vehicles and suggestions for improved designs. IEEE Transactions on Vehicular Technology, 54(1), 41–50. https://doi.org/10.1109/TVT.2004.838829
Anthi, E., Williams, L., Ieropoulos, V., & Spyridopoulos, T. (2024). Investigating radio frequency vulnerabilities in the Internet of Things (IoT). IoT, 5(2), 356–380. https://doi.org/10.3390/iot5020018
Aryatama, F. A., & Samsugi, S. (2024). Sistem Keamanan Kendaraan Bermotor Dengan ESP32 Menggunakan Kontrol Android. SMATIKA JURNAL: STIKI Informatika Jurnal, 14(01), 167–181. https://doi.org/10.32664/smatika.v14i01.1267
Assubhi, M. H., & Rahmadewi, R. (2024). Perancangan Sistem Kendali Pada Sistem Keamanan Sepeda Motor Dengan Mikrokontroler ESP32. Aisyah Journal Of Informatics and Electrical Engineering (AJIEE), 6(1), 67–80. https://doi.org/10.30604/jti.v6i1.168
Budiada, I. M., Purnama, I. B. I., Santiary, P. A. W., Swardika, I. K., & Wardana, I. N. K. (2024). Design and implementation of IoT-based motorcycle keyless ignition and starter using RFID and Blynk. Matrix: Jurnal Manajemen Teknologi Dan Informatika, 14(3), 119–127. https://doi.org/10.31940/matrix.v14i3.119-127
Csikor, L., Lim, H. W., Wong, J. W., Ramesh, S., Parameswarath, R. P., & Chan, M. C. (2024). Rollback: A new time-agnostic replay attack against the automotive remote keyless entry systems. ACM Transactions on Cyber-Physical Systems, 8(1), 1–25. https://doi.org/10.1145/3627827
Farooq, J., & Soler, J. (2017). Radio communication for communications-based train control (CBTC): A tutorial and survey. IEEE Communications Surveys & Tutorials, 19(3), 1377–1402. https://doi.org/10.1109/COMST.2017.2661384
Fereidouni, H., Fadeitcheva, O., & Zalai, M. (2025). IoT and man-in-the-middle attacks. Security and Privacy, 8(2), e70016. https://doi.org/10.1002/spy2.70016
Gabsi, S., Beroulle, V., Kieffer, Y., Dao, H. M., Kortli, Y., & Hamdi, B. (2021). Survey: Vulnerability analysis of low-cost ECC-based RFID protocols against wireless and side-channel attacks. Sensors, 21(17), 5824. https://doi.org/10.3390/s21175824
Haikel, Z., & Santrila, H. (2024). Smart Protection Key And Tracking Pada Sepeda Motor [Thesis: Politeknik Manufaktur Negeri Bangka Belitung]. Retrieved from http://repository.polman-babel.ac.id/id/eprint/1070/1/OKE PRINT.pdf
Hossain, M. A., Noor, R. M., Yau, K.-L. A., Azzuhri, S. R., Z’aba, M. R., & Ahmedy, I. (2020). Comprehensive survey of machine learning approaches in cognitive radio-based vehicular ad hoc networks. IEEE Access, 8, 78054–78108. https://doi.org/10.1109/ACCESS.2020.2989870
Juliarto, M., Nityasa, R. A., & Aditama, A. D. F. (2024). Perancangan Keamanan Kendaraan Tanpa Kunci Dengan Menggunakan ESP32 dan Aplikasi BLYNK Berbasis IOT. V-MAC (Virtual of Mechanical Engineering Article), 9(1), 47–53. https://doi.org/10.36526/v-mac.v9i1.3653
Muzammil, M. Bin, Bilal, M., Ajmal, S., Shongwe, S. C., & Ghadi, Y. Y. (2024). Unveiling vulnerabilities of web attacks considering man in the middle attack and session hijacking. IEEE Access, 12, 6365–6375. https://doi.org/10.1109/ACCESS.2024.3350444
Novelino, A. (2024). Jumlah Kendaraan di Indonesia Tembus 164 Juta Unit, 83 Persen Motor. CNN Indonesia. Retrieved from https://shorturl.asia/awPpe
Pabelona Jr, R. M., Joe Marie D Dormido, D. I. T., & others. (2025). Keyless Entry System Using a Smartphone for Vehicle: A Development of Vehicle Security Performance. International Journal of Latest Technology in Engineering, Management & Applied Science, 14(1), 116–122. Retrieved from https://ideas.repec.org/a/bjb/journl/v14y2025i1p116-122.html
Purwanto, A. A., & Setiawan, Y. (2025). Application of Keyless Security System in Credenza Product Design. Journal Of Mechanical Engineering Manufactures Materials And Energy, 9(1), 14–24. https://doi.org/10.31289/jmemme.v9i1.13101
Putrada, A. G., Alamsyah, N., & Fauzan, M. N. (2023). Wi-Fi Fingerprint for Indoor Keyless Entry Systems with Ensemble Learning Regression-Classification Model. JOIV: International Journal on Informatics Visualization, 7(4), 2206–2214. https://doi.org/10.62527/joiv.7.4.1498
Santrila, H., Haikel, M. Z., Ocsirendi, O., & others. (2024). Rancang Bangun Sistem Cerdas Pengontrolan Keamanan Kunci Kontak dan Pelacakan Pada Sepeda Motor Berbasis IOT. Manutech: Jurnal Teknologi Manufaktur, 16(01), 89–95. https://doi.org/10.33504/manutech.v16i01.364
Shuaib, K., Barka, E., Al Hussien, N., Abdel-Hafez, M., & Alahmad, M. (2016). Cognitive radio for smart grid with security considerations. Computers, 5(2), 7. https://doi.org/10.3390/computers5020007
Sugianto, S., & Kurniawan, M. A. (2020). Tingkat ketertarikan masyarakat terhadap transportasi online, angkutan pribadi dan angkutan umum berdasarkan persepsi. Jurnal Teknologi Transportasi Dan Logistik, 1(2), 51–58. https://doi.org/10.52920/jttl.v1i2.11
Tahir, M., & Ardiansyah, M. R. (2024). Analisis Keamanan Website Dinas Pemerintahan Yogyakarta Dengan Metode PTES (Penetration Testing Execution Standard). Jurnal Teknik Informatika UNIKA Santo Thomas, 118–125. Retrieved from https://ejournal.ust.ac.id/index.php/JTIUST/article/view/3334
Tang, Z. T. A., Yu, K.-W., Yuta, K., Chen, T.-Y., & Karati, A. (2024). Enhancing security of a puf-based remote keyless entry system using machine learning approach. Proceedings of the 2024 6th International Electronics Communication Conference, 66–74. https://doi.org/10.1145/3686625.3686636
Witar, T., Srisorn, W., & Chayanon, S. (2019). The Prevention of Transnational Theft and National Security: A Case Study of Automobile and Motorcycle Theft. BESM-30, 124. Retrieved from https://shorturl.asia/7jIUW
Zainuddin, A. A., Abd Rahman, A. D., Nor, R. M., Hussin, A. A. A., Mohd, N. N. M. S. N., Shamsudin, A. U., Sapuan, M. S., & others. (2024). Innovative IoT Smart Lock System: Enhancing Security with Fingerprint and RFID Technology. Malaysian Journal of Science and Advanced Technology, 360–365. https://doi.org/10.56532/mjsat.v4i4.335
License
Copyright (c) 2025 Ulil Akbar, Muhammad Abdul Aziz, Donna Setiawati, Yusuf Eko Rohmadi
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with Jurnal Penelitian Pendidikan IPA, agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution 4.0 International License (CC-BY License). This license allows authors to use all articles, data sets, graphics, and appendices in data mining applications, search engines, web sites, blogs, and other platforms by providing an appropriate reference. The journal allows the author(s) to hold the copyright without restrictions and will retain publishing rights without restrictions.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in Jurnal Penelitian Pendidikan IPA.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
