Researchers reveal electronic car lock hack after 2-year injunction by Volkswagen | Ars Technica

http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/

Posted from WordPress for Android

1 Comment

  1. Tomi Engdahl says:

    Andy Greenberg / Wired:
    Researchers find cryptographic keys shared by millions of Volkswagen vehicles can allow them clone key fobs using cheap radio hardware

    A New Wireless Hack Can Unlock 100 Million Volkswagens
    https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/

    In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.

    Later this week at the Usenix security conference in Austin, a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Škoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.

    Both attacks use a cheap, easily available piece of radio hardware to intercept signals from a victim’s key fob, then employ those signals to clone the key.

    Arduino board with an attached radio receiver that can be purchased for $40.

    100 Million Vehicles, 4 Secret Keys

    Of the two attacks, the one that affects Volkswagen is arguably more troubling, if only because it offers drivers no warning at all that their security has been compromised, and requires intercepting only a single button press.

    Cracked in 60 Seconds

    The second technique that the researchers plan to reveal at Usenix attacks a cryptographic scheme called HiTag2, which is decades old but still used in millions of vehicles.

    Volkswagen didn’t immediately respond to WIRED’s request for comment, but the researchers write in their paper that VW acknowledged the vulnerabilities they found. NXP, the semiconductor company that sells chips using the vulnerable HiTag2 crypto system to carmakers, says that it’s been recommending customers upgrade to newer schemes for years. “[HiTag2] is a legacy security algorithm, introduced 18 years ago,”

    Plenty of evidence suggests that sort of digitally enabled car theft is already occurring.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*