Tag Archives: VW

VW Vulnerability Affects Almost Every VW Sold Since 1995

A few years ago, computer researchers discovered a problem with the VW keyless ignition system.  VW sued the researchers rather than fixing the problem and delayed the release of the information about the vulnerability for two years.   In VW’s defense, maybe it was difficult to close the vulnerability and it certainly would take time.

Apparently that ticked off the researchers, so they continued to dig and now they have found two other vulnerabilities – this time it affects the door locks of a hundred million cars.

The vulnerability affects almost every VW sold since 1995.

Researchers at the Usenix Security Conference revealed two different vulnerabilities.  One would allow attackers to unlock almost every car VW has sold in the last 20 years;  the other affects other brands too – ones that use the VW system – like Alfa Romeo, Fiat, Ford, Mitsubishi, Nissan and others.

The two attacks are relatively easy to do – intercept the radio signal and clone it.  You could do it with a laptop or an Arduino board shown below (Photo from Wired Magazine).

VW Hack

The first hack, the one that affects the VW cars, works because VW hard coded a secret key into the car.  When you press the button to unlock the car, it sends a car-unique code – the same code every time.  The attacker’s laptop or Arduino combines the unique code with the secret code and voila.  You own the car.

Apparently there is more than one secret key, but only a handful.  The four most common keys will unlock almost a hundred million cars.  The VW Golf 7 is different in that it uses a unique key!
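An added example (not from the original post and not VW's design) of a receiver-side check that avoids both weaknesses described above: each fob gets its own key instead of one shared across millions of cars, and every button press carries a counter so a recorded frame cannot be reused. The frame layout, HMAC-SHA256, the window size and all names are assumptions for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumption: how far ahead of the last counter a frame may be

def derive_fob_key(master_key: bytes, fob_id: bytes) -> bytes:
    """Derive a per-fob key at the factory; the master key never ships in a car."""
    return hmac.new(master_key, b"fob-key|" + fob_id, hashlib.sha256).digest()

def fob_frame(fob_key: bytes, fob_id: bytes, counter: int, button: int) -> bytes:
    """Hypothetical frame: 4-byte fob id, 4-byte counter, 1-byte button, 8-byte tag."""
    body = fob_id + struct.pack(">IB", counter, button)
    return body + hmac.new(fob_key, body, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, paired_keys: dict):
        # fob_id -> [per-fob key, highest counter accepted so far]
        self.paired = {fid: [key, 0] for fid, key in paired_keys.items()}

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 17:
            return False
        body, tag = frame[:9], frame[9:]
        entry = self.paired.get(frame[:4])
        if entry is None:
            return False  # fob was never paired with this car
        key, last = entry
        expected = hmac.new(key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # wrong key: another car's fob, or a forged frame
        counter, _button = struct.unpack(">IB", body[4:])
        if not last < counter <= last + WINDOW:
            return False  # replayed (old) or implausibly far-ahead counter
        entry[1] = counter  # burn every counter value up to this one
        return True

def demo() -> list:
    master = b"constructed-factory-master-key"  # constructed sample value
    id_a, id_b = b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"
    key_a, key_b = derive_fob_key(master, id_a), derive_fob_key(master, id_b)
    car_a = Receiver({id_a: key_a})
    first = fob_frame(key_a, id_a, 1, 1)
    return [car_a.accept(first),                         # fresh press
            car_a.accept(first),                         # same frame again
            car_a.accept(fob_frame(key_b, id_a, 2, 1)),  # another car's key
            car_a.accept(fob_frame(key_a, id_a, 2, 1))]  # next press

if __name__ == "__main__":
    print(demo())
```

Because the car stores only its own fobs' derived keys, extracting a key from one vehicle says nothing about any other vehicle.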

The second attack breaks the HiTag2 crypto system.  It apparently uses a rolling set of keys that changes unpredictably with every button press.  The researchers say that they found a vulnerability in HiTag2 which allows them to break in within 60 seconds.

The HiTag2 system is almost 20 years old and the manufacturer, NXP,  told car companies to replace it, but, apparently, VW hasn’t listened to them – yet.

While this particular hack only allows hackers to unlock your car and steal all of its contents with no telltale signs – something that has been stumping cops for years – it could be combined with other hacks to steal the car as well.

The challenge is that those 100 million cars may wind up being vulnerable until they are crushed, unless VW can come up with a fix.

One workaround would be to disable the key fob, if that is possible, and lock and unlock the car with a metal key.  Security. Convenience. Pick one.  If your car or your possessions wind up being stolen as a result of this hack, your convenience factor might change.

Information for this post came from Wired.


The Year Of The Car Hack? GM Onstar, VW, Audi and Many Others

GM says that they have fixed the vulnerability that allowed a hacker to take over the GM Onstar Remotelink software.   Once the hacker has taken over the software, she can do anything the owner can do – remote unlock, remote start, etc.   The attack worked because GM was not validating the SSL certificates used by the app.   The researcher says not only does it still work but he has extended the attack to work on BMW Remote, Mercedes-Benz mbrace, Chrysler’s Uconnect and Viper SmartStart.

The researcher only tested his attack on iPhones, but I suspect the same technique will work on Android phones too.

The challenge here, of course, is designing mobile software securely.  While you may not like it if your mobile game leaks your name or age, you really won’t like it if your mobile app gets your car stolen.  Banking apps figured this out a long time ago.  I guess automakers have to learn it all over again.

Now, on to VW.

Bloomberg is reporting that VW has been fighting security researchers for two years because they want to release a paper on a security vulnerability that they found in the remote keyless entry system.  The vulnerability affects not only VW, but also Fiat, Audi, Ferrari, Porsche and Maserati.  VW has finally given in and the paper will be published with very minor redactions.

The rub is that the only fix is to replace both the keys and the controller inside the car.  Given that this likely affects millions of cars and VW would have to pay for all of these car manufacturers to recall these cars, VW would like this to go away.

Pretending security flaws don’t exist is kind of common and unless security researchers are allowed to continue exposing them, the only people who will know about the flaws are the bad guys.  There are some proposed U.S. laws that would make this research illegal.  Those in the know have been fighting against this, but it is a continuing battle.

Would you prefer that security researchers operate in public, tell companies and product owners that they are vulnerable and allow the vulnerabilities to get fixed?  Or would you prefer they operate in the shadows and sell their exploits to organized crime?  How much do you think a car theft ring would pay for an exploit that allows them to own a high end Audi or BMW in less than 60 seconds?  I assume that would be worth tens of millions.

The London police say that 42% of vehicle thefts are done by hacking the keyless entry systems.  That’s pretty amazing.

As I keep saying – convenience or security, pick one.

On the other hand, it doesn’t mean that you cannot make technology bullet resistant (notice I didn’t say bullet proof), but it takes some work.

I am not sure why, but this year seems to be the year of the car hack.  The year is not over yet, so stay tuned.





Information for this post came from SCMagazine and Bloomberg.
