VW woes: 100 million ‘keyless’ cars can be hacked with $40 device

VW woes: 100 million ‘keyless’ cars can be hacked with $40 device
While “smart” cars are a 21st century thing, the convenience has a darker side. Researchers have shown that it takes a tool as cheap as $40 to bypass the “keyless system” in tens of millions of Volkswagen cars, including Audis and SEATs.

Four European researchers say hackers can easily eavesdrop on the signal which is sent every time a driver presses their key fob to lock or unlock a car. All the thieves need is a cheap technical device and to be somewhere within 100 meters of a vehicle.

Flavio Garcia and his team at the University of Birmingham reverse-engineered an undisclosed component of the keyless system and extracted a cryptographic code. Using that information, they say hackers can intercept a car’s unique ID sent by the fob.

“It is conceivable that all VW Group (except for some Audi) cars manufactured in the past and partially today rely on a 'constant-key' scheme and are thus vulnerable to the attacks,” the researchers said in a paper, presented at the 25th USENIX Security Symposium in Austin, Texas.

It appears that there are about 100 million hack-vulnerable Volkswagen AG cars, ranging from older to the newest models. Vehicles at risk include VW, Audi, SEAT and Skoda models sold since 1995, up to and including the 2016 Audi Q3. Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot models are also vulnerable to wireless hacks, researchers said. What all those cars have in common is a “constant-key” scheme.

Cars built on VW's latest MQB production platform – used on the top-selling model, the Golf VII – are not vulnerable to this hacking technique, researchers said. The experiment did not look into VW's luxury brands such Porsche, Bentley, Lamborghini and Bugatti, but the researchers notified the carmaker about the problem with mass-market vehicles.

"This current vehicle generation is not afflicted by the problems described," VW spokesman Peter Weisheit said, according to Reuters. VW also said that its current Golf, Tiguan, Touran and Passat models are not at risk from the attack.

“We are aware of this security gap and have incorporated this knowledge in the enhancements of existing and future systems. We no longer use the described system in any of our new cars,” Ford Europe spokesman John Gardiner said.

READ MORE: US attorneys blast VW for declining to pass communications to investigation

There is good news to go with the bad, for concerned drivers. Hacking a car would not be as easy as it sounds at first. Before hackers would be able to get into your car and rush away, they would need to identify a particular car, intercept the radio signal sent from a key fob to the car, then get the cryptographic “password” associated with the vehicle. That cryptographic key would then need to be paired with another special key. It is shared among large numbers of vehicles from a particular Volkswagen brand or model year, but is tougher to get. The bottom line is that an amateur hacker most likely would not be able to do that.

The bad news is that the task would not be a serious challenge for a professional hacker, and if they ever found the special cryptographic key, they could leak the details online.

In 2013, the same team of researchers caught flaws in VW cars’ ignitions, but the group’s lawsuit against them delayed the publication of their research for two years. The paper was eventually published after the authors agreed to redact the information that would have allowed thieves to figure out how to steal cars exploiting the flaw.

While the recent paper focused on Europe, the US is not a stranger to car hacking either. Insurers and police across the country have been raising awareness of the new trend in car theft, warning that thieves have been using laptop computers or other devices to hack vehicles’ electronics.