In 2013, University of Birmingham researchers discovered a flaw that would allow thieves to start the ignition of millions of Volkswagens without needing a key. Volkswagen sued them. That delayed the release of their work for two years. Now those same researchers have found two new flaws in the keyless entry system that affects virtually every Volkswagen sold since 1995, nearly 100 million cars, and includes models from Audi, Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, Peugeot and Skoda.
Essentially, researchers found a way to intercept the signal from a victim’s key fob in order to clone the key. Both techniques can either be accomplished with a laptop that has a software defined radio connected to it or with a radio receiver attached to an Arduino board.
In the first attack, the researchers pulled a cryptographic key that is shared in common with millions of other Volkswagens from one the components of a vehicle. With that key in hand, they intercepted the signal sent from a key fob to unlock the doors. Once they had both, it was a matter of cloning the key fob to have access to the vehicle.
Finding the first cryptographic key is difficult and the thieves would have to be within 300 feet of the victim’s car, so this technique is fairly impractical. With that said, if thieves had access to just one of the keys, it would leave tens of millions vulnerable. Unfortunately, the only vehicles that can’t be hacked in this way are the newest Volkswagen Golf 7 and any other models that have the same locking system.
The second technique exploits the HiTag2 cryptographic scheme. Using basically the same set up as the first technique, the researchers found they could block the signal from a victim’s key fob, then record the code it sends every time the victim tries to open the doors. Once they had eight of those codes, it took less than a minute to crack the HiTag2 scheme and gain access to the vehicle.
While these techniques may seem complicated, keep in mind that earlier this month hackers in Texas stole 30 Jeeps with nothing more than a laptop plugged into one of the dashboard ports. Unfortunately, there’s no easy fix to this issue and so it likely won’t be. The best bet for anyone who drives one of the affected vehicles is to not lock valuables in your car and to possibly avoid using the fob altogether.