‘Millions’ of Volkswagen cars can be unlocked via hack

By Chris Baraniuk
Technology reporter

A sizeable proportion of 100 million Volkswagen Group cars sold since 1995 can be unlocked remotely by hackers, a team of researchers has said.

The problem affects a range of vehicles manufactured between 1995 and 2016 – including VWs and models from the company’s Audi, Seat and Skoda brands.

A homemade radio costing about £30 is the only hardware an attacker requires.

Volkswagen said it was working with the researchers and added that several new vehicles were unaffected by the issue.

Two separate attacks affecting different models are described in a paper by researchers from the University of Birmingham and German security firm Kasper & Oswald.

With the second method, an older cryptographic scheme in some other brands was found to have a similar vulnerability.

The team showed it was possible for a malicious hacker to spy on key fob signals to target cars via a cheap, homemade radio.

Cloned keys

By cloning the digital keys, the researchers found they could then unlock a variety of VW Group vehicles.

This was possible because they were able to reverse-engineer the keyless entry system in the affected models – a process which yielded some master cryptographic keys.

Home Trader Club - Learn How Trader Earns! VIP Membership Club for Traders by Vladimir Ribakov

Traders Workshop - For Real Success - You Need To Learn From The Best! Complete Trading School by Vladimir Ribakov

A spokesman for Volkswagen said several current-generation vehicles, including the Golf, Tiguan, Touran and Passat were not affected by the problem.

“The responsible department at Volkswagen Group is in contact with the academics mentioned and a constructive exchange is taking place,” he told the BBC.

The spokesman added that starting the car’s engine with this attack was “not possible”.

Prior to publishing their research, the team behind the paper agreed with Volkswagen that some key pieces of information – including the value of the master cryptographic keys – would not be made public.

Security expert Ken Munro at Pen Test Partners said critical components of the attack had indeed been omitted.

“You’d need some academic-level knowledge of cryptography to be able to do this,” he added.

However, he also said the research was the latest in a string of similar findings that showed how many on-board systems in modern cars were vulnerable to hacking.

“Manufacturers are doing the right thing now, but you’ve got this huge problem with the installed base, those cars will last maybe 10 years – the fix is not simple,” he told the BBC.

“You’re potentially replacing all the control units in all the vehicles out there.”

Mr Munro added that it might be possible to prevent the reverse-engineering approach taken by the researchers in order to prevent the discovery of the crucial cryptographic keys.

The paper will be presented later today at the Usenix cybersecurity conference in Austin, Texas.

Advertisement

Click To Join Our Community Telegram Group

Vladimir Ribakov

Following 11+ years of trading experience, trading my own accounts as well as for hedge funds and brokerages, I have decided to fulfill my destiny and to personally mentor Forex and Commodities traders. When I released the “Broker Nightmare” (software that hides trades from brokers) 8 years ago, I found an overwhelming number of frustrated people who genuinely wanted to learn how to trade the Forex market, but instead found themselves scammed and misled. Over the years I have also release other trading systems based on my trading strategies, and met a lot of people on my worldwide Forex seminars. We’ve formed a close Forex community and we meet once or twice a year in various locations in Europe.