Can a new hack really unlock 100 million Volkswagen cars?

Researchers at the University of Birmingham are set to reveal an issue with the keyless entry system of Volkswagen cars that allows hackers to start the ignition – and it applies to almost every car produced by the German manufacturer since 1995!

There are two flaws that can be manipulated that allow thieves access to the cars. Both will be revealed at an upcoming security conference in the US. The first issue affects VWs, Audi and Skodas, and the second Alfa Romeo, Citroen, Fiat, Ford, Opel, Mitsibishi, Nissan and Peugeot.

It’s feared that the weakness won’t just be accessible by professional thieves, but anyone – as the attacks require just a simple piece of radio hardware to intercept signals from drivers’ key fobs; which researchers say you can buy for c£25!

The two problems are identified are slightly different. Arguable the most worrying is the former, as it just requires intercepting a single button press – and drivers will be given no warning that their security has been compromised. This information combined with another interception means that wannabe thieves can effectively clone the key fob and gain access to the vehicle. However, there are some complications regarding the accessible information; and researchers won’t make it public, for obvious security reasons.

The second hack requires intercepting a code generated by a key fob (or jamming it, so the driver presses it more than once and generates lots of codes in succession). Armed with these codes, researches managed to break the system within a minute. This flaw is due to an old coding system being used on the key fobs, known as HiTag2, which although being decades old is still used in millions of cars across the globe.

This isn’t the first time the University of Birmingham team have found worrying vulnerabilities in this area either; in 2013, they uncovered an error that allowed anyone to drive off with a VW car, but were delayed by a lawsuit from the manufacturers and couldn’t release the information for two years. Techniques like the ones to be revealed this week along with this earlier issue could be combined to unlock and drive away almost any vehicle.

Does the security of your car concern you? Did the person who sold it to you make you aware of any risks? Let us know at @Liftshare.

Author Lex Barber

on

You might also like…

See how Liftshare can help your organisation