Hackers using cheap wireless devices pose a threat to millions of cars equipped with Volkswagen’s keyless entry system, according to a study from the University of Birmingham.
Scheduled for presentation Friday at the USENIX security conference in Austin, Texas, the study shows that thieves can use a simple wireless device to unlock the doors of millions of cars remotely, essentially by cloning the remote control that wirelessly secures a car door lock.
A second hack involves recovering the cryptographic key by attacking the rolling code scheme, called “Hitag2,” and entering a few keystrokes on a laptop to access a car.
The vulnerability could impact up to 100 million cars manufactured under the Volkswagen brand and others over the past 20 years.
Keeping a Lid on It
The initial research was considered so sensitive that the manufacturer for two years blocked publication of some of the results through a lawsuit, before both sides sat down to examine the findings and take action to mitigate the risk.
“Volkswagen takes the security of our customers and their vehicles very seriously,” spokesperson Mark Gillies said. “Volkswagen’s electronic and mechanical security measures are continuously being improved.”
The company “was in contact with the academics mentioned, and a constructive exchange is taking place,” he noted.
Volkswagen agreed that the authors would “publish their mathematical-scientific findings,” said Gilles, “but without the sensitive content that could be used by accomplished criminals to break into vehicles.”
The findings in the research will be used to improve the company’s security-technology, he added, noting that while research on auto security is important, “hacking into vehicles is a malicious, criminal act.”