Racing to catch a flight, you tap your phone against your BMW’s door handle and drive off—no fumbling for keys, no authentication delays. But that same Express Mode convenience just handed car thieves the perfect vulnerability. Your iPhone’s digital car key, designed for seamless access, creates a security gap that’s putting Mercedes, Range Rovers, and Ford F-150s at serious risk.
The Two-Person Digital Heist
Here’s how modern car theft works: One thief positions themselves near your front door with a signal amplifier while their partner stands by your driveway with a receiver. Your iPhone’s digital key, broadcasting through Express Mode, gets captured and relayed to your vehicle—tricking it into thinking you’re standing right there. The car unlocks and starts without triggering any alarms. BMW, Mercedes-Benz, Land Rover, and Ford vehicles with keyless systems are prime targets because their luxury status makes them worth the sophisticated effort.
Express Mode’s Convenient Security Flaw
Express Mode lets you unlock and start your car even when your iPhone is locked, dead, or buried in your bag. Apple created this feature for ultimate convenience, skipping Face ID, Touch ID, or passcode authentication entirely. That’s exactly what makes relay attacks possible—your phone continuously broadcasts its digital key signal, ready to respond instantly. It’s like leaving your house key in the front door lock, except the lock is wireless and can be activated from 30 feet away.
The Simple Fix That Actually Works
Open your Wallet app, tap your digital car key, select the three dots, then Express Mode Settings, and turn Express Mode OFF. Now Face ID or your passcode must approve every unlock and start. Yes, you’ll spend an extra two seconds authenticating, but thieves can’t exploit a signal that requires your biometric approval.
For traditional key fobs, store them in a Faraday pouch when you’re home—these signal-blocking pouches cost around $15 and make relay attacks extremely difficult.
The Future Fix Coming Soon
Some automakers are adopting ultra-wideband (UWB) technology that measures precise distances, making relay attacks nearly impossible. But UWB support remains limited to newer iPhones (XS or later running iOS 14+) and select vehicle models. Until then, disabling Express Mode transforms your digital car key from a theft liability into a secure convenience feature. Two seconds of authentication beats explaining to your insurance company how someone stole your $80,000 SUV from your own driveway.
