Over 100 mn Volkswagen cars sold since 1995 vulnerable to hacks: study

12 Aug 2016

Over 100 million cars sold by Volkswagen since 1995 were vulnerable to hacks due to security flaws in keyless entry systems, according to researchers.

In a published paper, two UK-based computer experts at the University of Birmingham, Flavio Garcia and David Oswald, wrote how they were able to clone VW keyless systems by intercepting signals when drivers pressed their fobs to get into their vehicles.

"Major manufacturers have used insecure schemes over more than 20 years," the research paper asserts. Vehicles that were at risk of attack included most Audi, VW, Seat and Skoda models sold since the mid-90s and roughly 100 million VW Group vehicles.

The landmark paper, to which German engineering firm Kasper & Oswald also contributed highlighted to two main vulnerabilities. With the first, hackers were able to gain the ability to remotely break into nearly every car VW has sold since 2000, while the second impacted 'millions' more vehicles such as Ford, Peugeot, Citroen and Ford.

According to the paper, both attacks relied on "widely available" hardware that cost as little as $40 (£31) which could then be used to clone signals from victim's car fobs.

Though from this point, cryptography came into play, the experts found ways to crack that too.

The researchers were able to reverse engineer a part of Volkswagen's network and get hold of a cryptographic key that was shared with millions of Volkswagen cars.

Using the hardware, they intercepted the unique signal produced by each car's key fob that could be used to clone the key, access the car and drive it away.

If criminals could reproduce the hack, tens of millions of cars could be at risk, with only the most recent Volkswagen Golf 7, which introduced a new locking system, and other cars with the same system safe.

While the researchers did not test every Volkswagen model from the last two decades, they said it was possible that all Volkswagen cars that used "constant-key" technology, apart from some Audi models, were susceptible.