Bugs in the Bug: 100 million cars, especially VW, may be at risk for unlock hacks

Others vulnerable beyond VW

Researchers from the University of Birmingham and from Kasper & Oswald, a German engineering group, were in Austin, TX, at the Usenix security conference this week unveiling their findings. There are two separate weaknesses, according to a report in Wired: one affecting the keyless entry systems of an estimated 100 million vehicles, including VW and its subsidiaries such as Audi and Skoda, and another affecting the likes of Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot. This is atop the previously disclosed VW Group ignition system hack.

All that’s required to get into the car door hacking business is an Arduino board with a radio receiver attached, or a software-defined radio linked to a laptop. Birmingham’s Garcia called the board design “trivial.” The result functions “exactly like the original remote.”

VW may be more vulnerable

The researchers say the VW vulnerability is especially troubling. There are a relatively few handful of shared encryption keys embedded in various different modules on Volkswagens. (The researchers aren’t saying which modules.) It’s a “tedious” but doable task to extract the shared key. They estimate just four shared key codes are used in 100 million Volkswagens.

Having those codes in hand, the hacker needs only to head to a parking lot with VWs and be within about 300 feet to intercept the encrypted key code that’s specific to each car. By appending the car specific code to each of those four master codes, the hacker may have a code that locks and unlocks the car repeatedly. The hacker could port the code to a electronic key fob. It was noted that newer VWs have unique keys that make them immune to attack.

Link to article: http://www.extremetech.com/extreme/233468-bugs-in-the-bug-100-million-cars-especially-vw-may-be-at-risk-from-unlock-hacks