According to a study set to be unveiled next week at the Usenix Security Conference by a research team at the University of Birmingham, there is a flaw in Volkswagen Group key fobs that allows hackers to intercept its signal to gain access to vehicles. The report states that the simple hack can affect up to 100 million cars sold by the automaker, dating all the way back to 1995.
The paper was put together by Flavio Garcia with his research team at the University of Birmingham, with the assistance of german engineering firm Kasper & Oswald. It states that with a simple home-built $40 device, a hacker can “eavesdrop and record rolling codes,
emulate a key, and perform reactive jamming.” This means hackers can essentially make a ‘copy’ of a key fob, in order to gain access to a vehicle.
Advertisement – Continue Reading Below
How it works is, researchers are able to use a component inside Volkswagen’s internal network to obtain a single cryptographic key that millions of its cars use. Then, with the hardware, they’re able to secure a second cryptographic key from the fob that is unique to the car they’re targeting. With these two combined values, they’re able to gain access and unlock the car. In order for it to work, however, the intercepting device has to be within 300 feet of the target vehicle.
The worst part is, there’s only four unique cryptographic keys that most of the 100 million affected cars share. Once a hacker finds one of these keys, he or she can theoretically expose millions of cars.
It’s not all bad, though. VW has alleviated the problem on some of its most recent vehicles, most notably the Mk7 Golf, making them invulnerable to this method.
The study also includes a section on other cars that can be exposed by a comparable attack. Using a similar home-made device, hackers can copy ‘rolling codes’ that appear when people press the buttons on their key fobs to lock and unlock their cars, and use the codes to gain access. It’s an even simpler method, affecting millions of Chevys, Fords, Mitsubishis, Nissans, and more.
While the researchers have chosen not to speak about many of the specifics of their work due to obvious security concerns, it’s quite worrying just how easy it is to break into a vehicle with $40 and a little computing know-how. Maybe automakers will take this study into consideration when manufacturing the latest ease-of-entry devices for our new vehicles.
Road & Track