A recently identified software vulnerability could allow hackers to compromise around 100 million Volkswagen vehicles by exploiting signals from their keyless entry remotes, according to an upcoming research report.
The flaw, revealed by a collaboration between researchers from the University of Birmingham and German firm Kasper & Oswald, allows skilled thieves to clone key fobs using just two captured radio signals. This vulnerability affects nearly all models sold by Volkswagen A.G. since 1995, including Audis, VWs, Bentleys, and Skodas. The findings are set to be presented on Friday at the Usenix security conference in Austin, Texas.
To exploit this vulnerability, a hacker needs only a compact piece of radio hardware that costs about $40. With such a device, or a laptop equipped with similar technology, a criminal could intercept the radio transmission from the car’s remote, even from a distance of up to 300 feet.
While the technology for radio eavesdropping is not new, car manufacturers have implemented additional security measures. However, the researchers found shared cryptographic keys within the Volkswagen network that applies to nearly all vehicles. By combining these keys with the individual radio transmission from keyless entry remotes, a hacker can gain unauthorized access to the vehicle.
“You only need to eavesdrop once,” explained David Oswald from the University of Birmingham to WIRED. “After that, you can create a clone of the original remote that can lock and unlock the car as often as you like.”
The researchers noted that just four commonly used cryptographic keys could unlock almost 100 million Volkswagen family vehicles sold over the past two decades. Only a select few recent models, like the latest VW Golf, have upgraded locking systems that provide protection against such attacks.
Additionally, the team identified another vulnerability affecting millions of vehicles from other manufacturers, including Fords, Chevys, and Renaults. This security flaw is even simpler to exploit; a hacker only needs to capture several rolling codes from the owner’s wireless key while it is being used, allowing them to open a vehicle in as fast as 60 seconds.
While the researchers plan to withhold specific details to prevent misuse by black-hat hackers, they caution that criminals might independently discover this information. Currently, they advise vehicle owners to keep valuables hidden and hope that any would-be car thieves lack the technical skills to successfully steal their vehicle.
.
