Free e-book: IEEE 802.15.4ab vs IEEE 802.15.4z
Free e-book: IEEE 802.15.4ab

A relay attack fools signal strength. It can't fool the speed of light.

needCode defends keyless entry and digital keys against relay attacks - the dominant way keyless cars get stolen - with secure ranging that measures real physical distance instead of trusting signal strength. UWB time-of-flight ranging and BLE 6.0 Channel Sounding, including the proprietary PBR solvers that make BLE distance-bounding viable, so a relayed signal can't fake proximity. From a certified Qorvo partner active in FiRa and the Bluetooth SIG.
needCode IoT

We work with Industry Leaders

You can amplify a signal. You can't amplify your way past the speed of light.

A relay attack doesn't break the crypto - it cheats on distance. Two devices relay the radio between a key sitting in a hallway and a car on the street, and a system that judges proximity by signal strength is fooled, because signal strength can be amplified and relayed. This is why passive keyless entry became the easiest way to steal a modern car: the proximity check was never measuring distance, only guessing it from received power.

The fix is to measure distance physically. Time-of-flight ranging clocks how long the radio actually takes to travel, and a relay can't beat that - relaying always adds latency, and nothing crosses the gap faster than light. needCode builds this with UWB secure ranging and BLE Channel Sounding, including the proprietary PBR solvers that make BLE distance-bounding accurate enough to trust - so the key has to really be there.

Distance, measured not guessed

Time-of-flight ranging clocks the real distance to the key - a relay can't forge it.

UWB and BLE secure ranging

UWB time-of-flight and BLE 6.0 Channel Sounding, made accurate by proprietary PBR solvers.

Cryptographically bound

Ranging tied to the digital-key credential, so proximity and identity are proven together.

How relay attack prevention works

Defeating a relay attack is four things working together. needCode builds all four.

The Relay Attack

Two attackers relay the radio between a distant key and the target, defeating any proximity check based on signal strength alone. Understanding the attack is the starting point: it exploits the gap between "signal received" and "key actually present."

Time-of-Flight Secure Ranging

Measuring the round-trip time of the radio to derive true physical distance - which a relay can't shorten, because it can only add delay, never beat the speed of light. This is the property that makes ranging relay-resistant by construction, not by patch.

UWB and BLE Channel Sounding

UWB delivers gold-standard secure ranging (the CCC Digital Key approach); BLE 6.0 Channel Sounding brings distance-bounding to the BLE radio, made accurate by needCode's proprietary PBR solvers. needCode builds on both and pairs them where a product needs reach and assurance.

Cryptographic Binding

The distance measurement is bound to the secure digital-key credential, so an attacker can neither forge the range nor replay the key - proximity and identity are verified together. Secure ranging without the cryptographic tie is only half the defense.

Defending a keyless or proximity product against relay attacks?

Book a discovery call with our CEO

Where it applies

Any access granted on "the device is near" can be attacked by a relay. needCode applies the same defense across them.

Automotive Keyless Entry

The flagship case: defeating relay theft of passive keyless entry and digital-key vehicles, to the CCC secure-ranging standard. needCode brings the UWB and BLE ranging an automotive security programme requires.

Smart Locks & Access

Relay-resistant proximity for smart locks and building access, where "the phone is at the door" has to mean it really is. needCode applies the same secure-ranging defense beyond the car.

Contactless & Token Access

Proximity assurance for contactless and access tokens, where relay and amplification attacks are a known risk. Secure ranging raises the bar from "in range" to "genuinely close."

Any Proximity-Gated System

Wherever access depends on a device being near, a relay can attack it - and time-of-flight ranging is the defense. needCode builds it into the product, whatever the radio.

Why teams build relay defense with needCode

Secure ranging is our core discipline

needCode is the largest dedicated UWB team in Central Europe and a certified Qorvo partner - secure ranging, the heart of relay defense, is exactly what we build. This isn't a security add-on bolted onto something else; it's the main thing.

The BLE ranging others can't solve

needCode's proprietary PBR solvers resolve the integer-ambiguity problem that makes BLE 6.0 Channel Sounding ranging accurate - the depth that turns BLE distance-bounding from a spec into a working defense. It's a gap the major silicon vendors don't fill internally.

UWB and BLE, paired honestly

needCode builds both UWB (highest assurance) and BLE (broadest reach) ranging, and advises which - or which combination - a product actually needs. The right answer depends on the threat model and the BOM, not on selling one radio.

Built to the standard

Active in FiRa, the UWB Alliance, and the Bluetooth SIG, needCode builds relay defense to the CCC and Aliro secure-ranging specifications, by people shaping them.

Four ways to bring needCode in

From a threat assessment to a shipped defense.
We match the engagement to where the product is.

01

Threat & Ranging Assessment

  • Duration:
    2–4 weeks
  • Best for:
    Assessing relay exposure and the right secure-ranging approach for your product
  • Deliverable:
    Threat assessment, ranging approach (UWB / BLE / both), leadership readout

02

Secure-Ranging Build

  • Duration: 
    Phased
  • Best for:
    Building the time-of-flight ranging and cryptographic binding on target silicon
  • Deliverable:
    Working relay-resistant ranging, bound to the key credentia

03

UWB + BLE Integration

  • Duration: 
    Phased
  • Best for:
    Combining UWB and BLE Channel Sounding for reach plus assurance
  • Deliverable:
    Integrated dual-radio secure ranging

04

Long-Term Team

  • Duration: 
    Multi-year, retainer-based
  • Best for:
    Owning the secure-ranging and key stack across a product line
  • Deliverable:
    An embedded ranging / security team

What we ship on

We pick the ranging radio, standard, and security that match your threat model and BOM.

Ranging

UWB time-of-flight (TWR)
distance bounding
BLE 6.0 Channel Sounding
proprietary PBR solvers

Standards

CCC Digital Key 3.0 / 4.0
Aliro
FiRa
IEEE 802.15.4z

Silicon

Qorvo QM33 / QM35
NXP
STMicroelectronics
Nordic (BLE Channel Sounding)

Security

Secure boot
signed firmware
key binding
anti-replay
PSA Crypto

Case studies

Relay defense is secure ranging, and secure ranging is what needCode does best.

Qorvo: RF Leadership

Context: Rapid scaling for new chipset bring-up.
  • Scale: Grew from <10 to 30 FTEs.
  • Output: Supported bring-up of 9 new hardware platforms (SDKs, Drivers, Stacks).
  • Retention: Zero-churn core team retained for 5+ years.
Dedicated Development Center for RF Solutions
Bluetooth Mesh Smart Lighting Control System

Smart Lighting: Core R&D Extension

Context: Client needed deep, specialized expertise to pivot from proprietary tech to a new global standard.
  • Service: Deployed a dedicated squad of embedded engineers to function as the client's core R&D team.
  • Output: Co-authored official Bluetooth SIG protocols and delivered the world’s first certified BLE Mesh stack.
  • Value: Enabled the client to secure Series A funding and defined the industry standard for smart buildings.

Creative Werks: Innovation rescue

Context: Hardware obsolescence threatened production shutdown.
  • Action: Full-stack takeover (PCB redesign + Firmware + Mobile App).
  • ROI: 1230% ($1.6M value generated).
  • Speed: Payback period of 2–3 months.
NeedCode-case study - IoT Solution for Boat Lift Modernization - cover2s
needcode-powerpolen-case-study-cover2s

PowerPollen: AgTech automation

Context: Lack of internal expertise stalled a critical automation project.
  • Action: Re-architected system using unified MCU and ISOBUS standards.
  • ROI: 13.8x ($2.9M value generated).
  • Impact: Enabled $1.9M increase in harvester value.

Strategic Partnership

needCode is an official business partner of Qorvo, bringing over 8 years of proven expertise and trusted service to the technology sector.
qorvo-logo-banner
UWB-Alliance-logo-banner

Members of the UWB Alliance

In 2025 we became a member of the UWB Alliance. This strategic step reinforces our commitment to pioneering Ultra-Wideband (UWB) technology.

Proudly Certified for Excellence and Security

needCode is officially certified for:
ISO 9001:2015 – Quality Management
ISO/IEC 27001:2022 – Information Security
ISO certifications reflect our focus on delivering reliable IoT solutions, smart product development, and secure technology services.
ISO 9001_2015ISO - IEC 27001_2022

Testimonials

“I think the key takeaway from needCode is their ability to adapt and understand the customer's requirements. That took away probably a large portion of what could have been a lot of development time and expense for both companies.”
Bob Folkestad
Bob Folkestad
President at Creative Werks
“One aspect that truly sets needCode apart is its profound expertise in firmware development. Their proficiency in various programming languages, embedded systems and hardware architecture is truly impressive. When faced with difficult problems, their strong problem-solving skills and analytical mindset shine through, allowing them to overcome obstacles with remarkable ease.”
avatar Semeh Sarhan
Semeh Sarhan
CEO at Xtrava
“I worked with needCode while leading the NWTN-Berlin team in 2018. A big chunk for our FW development has been outsourced to them and they had proven to iterate very quickly, following specs and deliver on time. It was great working with them. I recommend working with needCode’s team on any Embedded SW development.”
avatar Marco Salvioli Mariani
Marco Salvioli Mariani
CTO at NWTN Berlin GmbH
“needCode Team proved to be one of the best engineers I have ever met. The part I like the most about the team is the more difficult an obstacle seems to be, the more motivated they were to find a solution and a way forward.”
A Testimonial picture
Szymon Słupik
CTO at Silvair
“needCode is an outstanding partner. Their quick follow-up, scalability, and extensive professional network set them apart. Their expertise in wireless technologies has been valuable, supporting us from low-level drivers to architecture discussions.”
avatar Tim Allemeersch
Tim Allemeersch
Director at Qorvo, Inc.
“needCode did a great job improving the firmware of the Vai Kai connected toys and developing new features, surpassing our expectations multiple times. I would definitely recommend hiring Bartek and needCode for the embedded software projects!”
avatar Matas Petrikas
Matas Petrikas
CEO & Co-founder
at Vai Kai UG

Insights

FAQ

A relay attack is a method of defeating keyless entry and digital keys by relaying the radio signal between a key that is far away - in a house, say - and the target car or lock, so the system believes the key is present. It is the dominant way modern keyless vehicles are stolen. It works because the system judges proximity from signal strength, which can be relayed.

Signal strength can be amplified and relayed, so a strong received signal proves only that a signal arrived - not that the key is actually nearby. A relay simply forwards the radio between distant devices, and the proximity check, which was only guessing distance from power, is fooled. The vulnerability is built into any RSSI-based proximity scheme.

Secure ranging measures the true physical distance to the key by timing how long the radio takes to travel (time-of-flight), and a relay can't shorten that because relaying only ever adds delay and nothing beats the speed of light. So the system knows the key's real distance, not a guess from signal strength. needCode builds this with UWB and BLE Channel Sounding.

UWB time-of-flight ranging is the gold standard and the basis of the CCC Digital Key secure-ranging approach, offering the highest assurance; BLE 6.0 Channel Sounding brings distance-bounding to the widely deployed BLE radio, made accurate by needCode's proprietary PBR solvers. The best choice depends on the threat model, the radios already in the product, and the BOM. needCode builds both and advises honestly rather than defaulting to one.

Yes - needCode builds relay defense to the CCC Digital Key secure-ranging specification, the standard the automotive industry is converging on for keyless entry, as an active FiRa and UWB Alliance contributor. UWB time-of-flight ranging is the CCC-aligned approach. The implementation is built to the spec by people shaping it.

Yes - BLE 6.0 Channel Sounding provides time-of-flight and phase-based ranging on the BLE radio, and needCode's proprietary PBR solvers make that ranging accurate enough to resist relay attacks. This brings distance-bounding to products that can't add a UWB radio. It is exactly the gap needCode's BLE ranging depth fills.

Both are needed: secure ranging proves the key is physically close, and cryptography proves it is the right key and hasn't been replayed, so needCode binds the distance measurement to the digital-key credential. Ranging without the cryptographic tie is only half the defense. The two together verify proximity and identity at once.

Yes - any system that grants access because a device is "near," such as smart locks, building access, and contactless tokens, is exposed to relay attacks, and the same time-of-flight secure ranging defends them. needCode applies the defense across these use cases. The car is the most visible target, not the only one.

Yes - needCode can assess an existing keyless or proximity product for relay exposure and build in secure ranging, using UWB, BLE Channel Sounding, or both. The work usually starts with a threat and ranging assessment. Retrofitting relay defense is a common reason teams engage needCode.

Let's work on your next project together

Book a demo and discovery call with our CEO
to get a look at:
Strategic Expertise
End-to-End Solutions
Advanced Technology
Custom Hardware Devices
Bartek Kling
Bartek Kling / CEO
© 2026 needCode. All rights reserved.

Manufacturing

Modern manufacturing machines are typically equipped with IoT sensors that capture performance data. AIoT technology analyzes this sensor data, and based on vibration patterns, the AI predicts the machine's behavior and recommends actions to maintain optimal performance. This approach is highly effective for predictive maintenance, promoting safer working environments, continuous operation, longer equipment lifespan, and less downtime. Additionally, AIoT enhances quality control on production lines.

For example, Sentinel, a monitoring system used in pharmaceutical production by IMA Pharma, employs AI to evaluate sensor data along the production line. The AI detects and improves underperforming components, ensuring efficient machine operation and maintaining high standards in drug manufacturing.

Logistics & supply chain

IoT devices - from fleet vehicles and autonomous warehouse robots to scanners and beacons - generate large amounts of data in this industry. When combined with AI, this data can be leveraged for tracking, analytics, predictive maintenance, autonomous driving, and more, offering greater visibility into logistics operations and enhancing vendor partnerships.

Example: Amazon employs over 750,000 autonomous mobile robots to assist warehouse staff with heavy lifting, delivery, and package handling tasks. Other examples include AI-powered IoT devices such as cameras, RFID sensors, and beacons that help monitor goods' movement and track products within warehouses and during transportation. AI algorithms can also estimate arrival times and forecast delays by analyzing traffic conditions.

Retail

IoT sensors monitor movement and customer flow within a building, while AI algorithms analyze this data to offer insights into traffic patterns and product preferences. This information enhances understanding of customer behavior, helps prevent stockouts, and improves customer analytics to drive sales. Furthermore, AIoT enables retailers to deliver personalized shopping experiences by leveraging geographical data and individual shopping preferences.

For instance, IoT sensors track movement and customer flow, and AI algorithms process this information to reveal insights into traffic patterns and product preferences. This ultimately leads to better customer understanding, stockout prevention, and enhanced sales analytics.

Agriculture

Recent research by Continental reveals that over 27% of surveyed farmers utilize drones for aerial land analysis. These devices capture images of crops as they are and transmit them to a dashboard for further assessment. However, AI can enhance this process even further.

For example, AIoT-powered drones can photograph crops at various growth stages, assess plant health, detect diseases, and recommend optimal harvesting strategies to maximize yield. Additionally, these drones can be employed for targeted crop treatments, irrigation monitoring and management, soil health analysis, and more.

Smart Cities

Smart cities represent another domain where AIoT applications can enhance citizens' well-being, facilitate urban infrastructure planning, and guide future city development. In addition to traffic management, IoT devices equipped with AI can monitor energy consumption patterns, forecast demand fluctuations, and dynamically optimize energy distribution. AI-powered surveillance cameras and sensors can identify suspicious activities, monitor crowd density, and alert authorities to potential security threats in real-time, improving public safety and security.

For example, an AIoT solution has been implemented in Barcelona to manage water and energy sustainably. The city has installed IoT sensors across its water supply system to gather water pressure, flow rate, and quality data. AI algorithms analyze this information to identify leaks and optimize water usage. Similarly, smart grids have been introduced to leverage AI to predict demand and distribute energy efficiently, minimizing waste and emissions. As a result, these initiatives have enabled the city to reduce water waste by 25%, increase renewable energy usage by 17%, and lower greenhouse gas emissions by 19%.

Healthcare

Integrating AI and IoT in healthcare enables hospitals to deliver remote patient care more efficiently while reducing the burden on facilities. Additionally, AI can be used in clinical trials to preprocess data collected from sensors across extensive target and control groups.

For example, intelligent wearable technologies enable doctors to monitor patients remotely. In real-time, sensors collect vital signs such as heart rate, blood pressure, and glucose levels. AI algorithms then analyze this data, assisting doctors in detecting issues early, developing personalized treatment plans, and enhancing patient outcomes.

Smart Homes

The smart home ecosystem encompasses smart thermostats, locks, security cameras, energy management systems, heating, lighting, and entertainment systems. AI algorithms analyze data from these devices to deliver context-specific recommendations tailored to each user. This enables homeowners to use utilities more efficiently, create a personalized living space, and achieve sustainability goals.

For example, LifeSmart offers a comprehensive suite of AI-powered IoT tools for smart homes, connecting new and existing intelligent appliances and allowing customers to manage them via their smartphones. Additionally, they provide an AI builder framework for deploying AI on smart devices, edge gateways, and the cloud, enabling AI algorithms to process data and user behavior autonomously.

Maintenance (Post-Release Support)

When your product is successfully launched and available on the market we provide ongoing support and maintenance services to ensure your product remains competitive and reliable. This includes prompt resolution of any reported issues through bug fixes and updates.

We continuously enhance product features based on user feedback and market insights, optimizing performance and user experience.

Our team monitors product performance metrics to identify areas for improvement and proactively addresses potential issues. This phase aims to sustain product competitiveness, ensure customer satisfaction, and support long-term success in the market.

Commercialization (From MVP to Product

Our software team focuses on completing the full product feature range, enhancing the user interface and experience, and handling all corner cases. We prepare product software across the whole lifecycle by providing all necessary procedures, such as manufacturing support and firmware upgrade.

We also finalize the product's hardware design to ensure robustness, scalability and cost-effectiveness.

This includes rigorous testing procedures to validate product performance, reliability, and security. We manage all necessary certifications and regulatory compliance requirements to ensure the product meets industry standards and legal obligations.

By the end of this phase, your product is fully prepared for mass production and commercial deployment, with all documentation and certifications in place.

Prototyping (From POC to MVP)

Our development team focuses on implementing core product features and use cases to create a functional Minimum Viable Product (MVP). We advance to refining the hardware design, moving from initial concepts to detailed PCB design allowing us to assemble first prototypes. Updated documentation from the Design phase ensures alignment with current project status. A basic test framework is established to conduct preliminary validation tests.

This prepares the product for real-world demonstrations to stakeholders, customers, and potential investors.

This phase is critical for validating market readiness and functionality before proceeding to full-scale production.

Design (From Idea to POC)

We meticulously select the optimal technology stack and hardware components based on your smart product idea with detailed use cases and feature requirements (Market Requirements Document / Business Requirements Document). Our team conducts thorough assessments of costs, performance metrics, power consumption, and resource requirements.

Deliverables include a comprehensive Product Requirements Document (PRD), detailed Software Architecture plans, an Initial Test Plan outlining validation strategies, Regulatory Compliance Analysis to ensure adherence to relevant standards, and a Proof of Concept (POC) prototype implemented on breakout boards.

This phase aims to validate the technical feasibility of your concept and establish a solid foundation for further development.

If you lack a validated idea and MRD/BRD, consider utilizing our IoT Strategic Roadmap service to gain insights into target markets, user needs, and desired functionality. Having a structured plan in the form of an IoT Strategic Roadmap before development begins is crucial to mitigate complications in subsequent product development phases.