recommended reading

Threatwatch

100M Volkswagens Could Be Hacked Wirelessly

Stolen credentials; Man-in-the-middle attack; Software vulnerability

Keyless cars manufactured by the Volkswagen group since 1995 may be unlocked wirelessly, according to new research.

"We show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys," wrote a research team of University of Birmingham and Kasper & Oswald computer scientists. The team presented its findings at the USENIX Security Symposium in Austin, Texas, this week.

Using $40 worth of easily available radio hardware, the team intercepted the signals the driver’s key fob sends to the vehicle. Every time a driver uses a fob, the signal includes a unique vehicle specific number. By combining that vehicle-specific number with one of the four  “master” crytographic keys they identified, researchers were able to unlock a wide variety of makes and models.

“It is conceivable that all VW Group (except for some Audi) cars manufactured in the past and partially today rely on a “constant-key” scheme and are thus vulnerable to the attacks described in this paper, except for those cars that rely on the latest platform, e.g., the Golf 7 for VW,” says the paper.

The researchers didn’t disclose their exact technique but did inform the VW Group, which acknowledged the vulnerabilities, according to the paper.

sector

Retailer

reported

August 10, 2016

reported by

University of Birmingham and Kasper & Oswald researchers

number affected

100 million

location of breach

Unknown

perpetrators

Researchers

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

Unknown