100M Volkswagens Could Be Hacked Wirelessly
Stolen credentials; Man-in-the-middle attack; Software vulnerability
Keyless cars manufactured by the Volkswagen group since 1995 may be unlocked wirelessly, according to new research.
"We show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys," wrote a research team of University of Birmingham and Kasper & Oswald computer scientists. The team presented its findings at the USENIX Security Symposium in Austin, Texas, this week.
Using $40 worth of easily available radio hardware, the team intercepted the signals the driver’s key fob sends to the vehicle. Every time a driver uses a fob, the signal includes a unique vehicle-specific number. By combining that vehicle-specific number with one of the four “master” cryptographic keys they identified, the researchers were able to unlock a wide variety of makes and models.
“It is conceivable that all VW Group (except for some Audi) cars manufactured in the past and partially today rely on a “constant-key” scheme and are thus vulnerable to the attacks described in this paper, except for those cars that rely on the latest platform, e.g., the Golf 7 for VW,” says the paper.
The researchers didn’t disclose their exact technique but did inform the VW Group, which acknowledged the vulnerabilities, according to the paper.
August 10, 2016
University of Birmingham and Kasper & Oswald researchers