A New Wireless Hack Can Unlock 100 Million Volkswagens
In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars without keys but were hit with lawsuit to delay publication. Now, a year after that hack was finally publicized, the same researchers show in Usenix security conference how the keyless entry system that unlocks the vehicle’s doors can be hacked with cheap hardware (Arduino and RF module).
The affect the keyless entry systems of an estimated nearly 100 million cars. It applies to almost every Volkswagen cars sold after 1995, and also Audi and Škoda. According to article also some car models from Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot are affected by this.
There are two different attacks. Researchers find cryptographic keys shared by millions of Volkswagen vehicles can allow them clone key fobs using cheap radio hardware. There are 100 Million Vehicles and only 4 Secret Keys. Attack can be performed remotely using Arduino board with an attached radio receiver that can be purchased for $40.
Semiconductor company NXP been for years recommending customers upgrade to newer schemes from the vulnerable HiTag2 crypto system.
Wireless Hack Threatens Locking System on Nearly All VW Cars Sold Since 1995
Purchased a car from Volkswagen in the last 20 years? If you did, chances are a group of researchers can now unlock your vehicle using a new wireless hack.
At the 25th Usenix Security Symposium in Austin, Texas, researchers Flavio D. Garcia and David Oswald along with colleagues from the University of Birmingham and the German engineering firm Kasper & Oswald will deliver a presentation entitled, Lock It and Still Lose It —on the (In)Security of Automotive Remote Keyless Entry Systems.
In it, they’ll unveil two security vulnerabilities that together threaten the security of 100 million vehicles made by Volkswagen, Ford, and other well known car manufacturers.
A single cryptographic key that is shared among nearly all vehicles made by the German car manufacturer.
An attacker can essentially clone the key fob to unlock the vehicle. Attackers can allegedly use a radio setup to intercept eight codes sent from a key fob to a target vehicle. Using those codes, the actors can get to work breaking the scheme. An attacker has to be within 300 feet of the car.
This is not the first time researchers have demonstrated automobile-related vulnerabilities. In the summer of 2015, three Jeep owners filed a lawsuit against Chrysler. I have mentioned his case on Hackers Remotely Kill a Jeep on the Highway, Hackers Commandeer a Moving Jeep, Jeep Hacking 101 and The FBI Warns That Car Hacking Is a Real Risk postings.