A few years ago, computer researchers discovered a problem with the VW keyless ignition system. VW sued the researchers rather than fixing the problem and delayed the release of the information about the vulnerability for two years. In VW’s defense, maybe it was difficult to close the vulnerability and it certainly would take time.
Apparently that ticked off the researchers, so they continued to dig and now they have found two other vulnerabilities – this time affecting the door locks of a hundred million cars.
The vulnerability affects almost every VW sold since 1995.
Researchers at the Usenix Security Conference revealed two different vulnerabilities. One would allow attackers to unlock almost every car VW has sold in the last 20 years; the other affects other brands too – ones that use the VW system – like Alfa Romeo, Fiat, Ford, Mitsubishi, Nissan and others.
The two attacks are relatively easy to do – intercept the radio signal and clone it. You could do it with a laptop or an Arduino board.
The first hack, the one that affects the VW cars, works because VW hard-coded a secret key into the car. When you press the button to unlock the car, it sends a car-unique code – the same code every time. The attacker’s laptop or Arduino combines the unique code with the secret code and voila. You own the car.
Apparently there is more than one secret key, but only a handful. The four most common keys will unlock almost a hundred million cars. The VW Golf 7 is different in that it uses a unique key!
The second attack breaks the HiTag2 crypto system. It apparently uses a rolling set of keys that changes unpredictably with every button press. The researchers say that they found a vulnerability in HiTag2 which allows them to break in within 60 seconds.
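To make the design flaw concrete, here is an added example (not code from the researchers, Wired or VW) that models the scheme as this post describes it, a fixed code under a key shared by many cars, next to a receiver that uses a per-car key and a counter. The frame layout, the HMAC-SHA256 primitive, the `WINDOW` value and all names are assumptions chosen for illustration; real fobs use different ciphers and formats.

```python
import hashlib
import hmac
import os

FLEET_KEY = b"constructed-fleet-key"  # constructed stand-in for one key baked into many cars

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class WeakReceiver:
    """Model of the post's description: fixed per-car code under a fleet-wide key."""
    def __init__(self, car_id: bytes):
        self.expected = mac(FLEET_KEY, car_id)
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.expected)

class Fob:
    """Hardened fob: per-car random key, counter advances on every press."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def press(self) -> bytes:
        self.counter += 1
        c = self.counter.to_bytes(4, "big")
        return c + mac(self.key, c)

class Receiver:
    WINDOW = 16  # assumed tolerance for presses made out of radio range
    def __init__(self, key: bytes):
        self.key, self.last = key, 0
    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        c, tag = frame[:4], frame[4:]
        if not hmac.compare_digest(tag, mac(self.key, c)):
            return False  # wrong key or tampered counter
        n = int.from_bytes(c, "big")
        if not self.last < n <= self.last + self.WINDOW:
            return False  # replayed or implausibly far ahead
        self.last = n
        return True

def demo() -> dict:
    weak = WeakReceiver(b"CAR-0001")
    captured = mac(FLEET_KEY, b"CAR-0001")  # the frame the weak fob sends on every press
    key_a, key_b = os.urandom(16), os.urandom(16)
    fob, car_a, car_b = Fob(key_a), Receiver(key_a), Receiver(key_b)
    frame = fob.press()
    return {"weak_replay": weak.accept(captured) and weak.accept(captured),
            "first": car_a.accept(frame), "replay": car_a.accept(frame),
            "other_car": car_b.accept(frame)}
```

In the weak model the same frame is accepted every time, while the hardened receiver rejects a repeated frame and a frame made for a different car, because no secret is shared across the fleet.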
The HiTag2 system is almost 20 years old and the manufacturer, NXP, told car companies to replace it, but, apparently, VW hasn’t listened to them – yet.
While this particular hack only allows hackers to unlock your car and steal all of its contents with no telltale signs – something that has been stumping cops for years – it could be combined with other hacks to steal the car as well.
The challenge is that those 100 million cars may wind up being vulnerable until they are crushed, unless VW can come up with a fix.
One workaround would be to disable the key fob, if that is possible, and lock and unlock the car with a metal key. Security. Convenience. Pick one. If your car or your possessions wind up being stolen as a result of this hack, your convenience factor might change.
Information for this post came from Wired.