A team of researchers has revealed that a sizeable proportion of the 100 million Volkswagen Group cars sold since 1995 can be unlocked remotely by hackers.
The next time you leave your car in a parking lot, make sure you don't leave your valuables in it, especially if it's a Volkswagen.
What's more worrisome?
The new attack applies to practically every car Volkswagen has sold since 1995.
There are two distinct vulnerabilities present in almost every car sold by the Volkswagen Group after 1995, including models from Audi, Skoda, Fiat, Citroen, Ford and Peugeot.
A homemade radio costing about $40 (£30) is the only hardware an attacker requires.
Volkswagen said it was working with the researchers and added that several new vehicles were unaffected by the issue.
Two separate attacks affecting different models are described in a paper by researchers from the University of Birmingham and German security firm Kasper & Oswald.
With the second method, an older cryptographic scheme in some other brands was found to have a similar, albeit more complex vulnerability.
The team showed it was possible for a malicious hacker to spy on key fob signals to target cars via a cheap, homemade radio.
"We discovered that the RKE [remote keyless entry] systems of the majority of VW Group vehicles have been secured with only a few cryptographic keys that have been used worldwide over a period of almost 20 years," the researchers wrote.
"With the knowledge of these keys, an adversary only has to eavesdrop a single signal from a target remote control. Afterwards, he can decrypt this signal, obtain the current UID and counter value, and create a clone of the original remote control to lock or unlock any door of the target vehicle an arbitrary number of times."
The team did not reveal the components they used to extract the keys, in order to prevent potential car hackers from exploiting the weakness.
However, they warned that if skilled hackers find and publicize those shared keys, each one could leave tens of millions of cars vulnerable.
Over the past 20 years, just the four most common keys have been used in all of the 100 million cars sold by Volkswagen. Only the most recent VW Golf 7 model and others that use unique keys are immune to the attack.
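The difference between a worldwide shared key and unique per-vehicle keys can be shown with a toy model that measures how far one extracted key reaches. This is an added example, not code from the researchers or VW Group: the frame layout, the HMAC-SHA256 tag, the sample UIDs and all function names are assumptions, since the details of the real scheme were not published.

```python
import hashlib
import hmac
import os
import struct

FRAME = struct.Struct(">IIB")   # assumed layout: UID, counter, button
TAG_LEN = 8

def tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def make_frame(key: bytes, uid: int, counter: int, button: int) -> bytes:
    body = FRAME.pack(uid, counter, button)
    return body + tag(key, body)

class Receiver:
    """Toy vehicle receiver paired with one fob UID."""
    def __init__(self, uid: int, key: bytes):
        self.uid, self.key, self.last_counter = uid, key, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != FRAME.size + TAG_LEN:
            return False
        body, mac = frame[:FRAME.size], frame[FRAME.size:]
        uid, counter, _button = FRAME.unpack(body)
        if uid != self.uid or not hmac.compare_digest(mac, tag(self.key, body)):
            return False
        if counter <= self.last_counter:    # replayed or stale frame
            return False
        self.last_counter = counter
        return True

def diversify(secret: bytes, uid: int) -> bytes:
    """Unique per-fob key; the secret itself is never stored in a vehicle."""
    return hmac.new(secret, struct.pack(">I", uid), hashlib.sha256).digest()

def key_leak_reaches_other_car(diversified: bool) -> bool:
    """True if the key stored in vehicle A also authenticates to vehicle B."""
    secret = os.urandom(32)
    uid_a, uid_b = 0x1001, 0x2002           # constructed sample UIDs
    key_for = (lambda u: diversify(secret, u)) if diversified else (lambda u: secret)
    car_b = Receiver(uid_b, key_for(uid_b))
    assert car_b.accept(make_frame(key_for(uid_b), uid_b, 1, 1))  # normal use works
    leaked = key_for(uid_a)                 # what vehicle A's hardware holds
    return car_b.accept(make_frame(leaked, uid_b, 2, 1))
```

With the shared key the function returns `True`, because every vehicle holds the same secret; with diversified keys it returns `False`, so a key recovered from one vehicle's hardware stays confined to that vehicle.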
For owners of the affected vehicles, of which there are many, the researchers explained that a temporary countermeasure is to stop using or disable the remote unlocking features and use the traditional mechanical lock instead.
In light of the research, Volkswagen released a statement claiming the security systems on its vehicles are state-of-the-art, but admitted there is "no 100% guarantee for security."
This is not the first time this team of researchers has targeted Volkswagen. It discovered a way to start Volkswagen cars' ignitions in 2013, but had to withhold its findings for two years because VW Group threatened to sue.
The researchers have reported the flaws to VW Group and agreed not to disclose the cryptographic keys, part numbers of vulnerable components, and how they reverse-engineered the processes.
Car hacking is a hot topic today. Previous research demonstrated hackers' ability to hack a car remotely and control its steering and brakes, and to disable a car's critical functions, such as airbags, by exploiting security bugs affecting major automobiles.
It's important to note that these hacks only allow access to the inside of the vehicle. They cannot be used to steal the car, but getting inside could allow thieves to put the car in neutral and roll it onto a flatbed for a quick getaway.