Your new post is loading...
Over 100 million cars sold by Volkswagen since 1995 are susceptible to hacking due to security flaws in keyless entry systems, researchers have revealed.
Two UK-based computer experts at the University of Birmingham, Flavio Garcia and David Oswald, have published a paper showing how they were able to clone VW keyless systems by intercepting signals when drivers press their fobs to get into their vehicles.
"Major manufacturers have used insecure schemes over more than 20 years," the research paper asserts. Vehicles that are at risk to the attack include most Audi, VW, Seat and Skoda models sold since the mid-90s and roughly 100 million VW Group vehicles.
The landmark paper, which also included input from German engineering firm Kasper & Oswald, revealed two main vulnerabilities. The first could give hackers the ability to remotely break into nearly every car VW has sold since 2000. The second impacts 'millions' more vehicles such as Ford, Peugeot, Citroen and Ford.
As outlined in the paper, both attacks rely on "widely available" hardware that costs as little as $40 (£31) which can then be used to intercept and clone signals from victim's car fobs. Of course, at this point, cryptography becomes involved, but the experts found ways to crack that too.
"We discovered that the RKE [remote keyless entry] systems of the majority of VW Group vehicles have been secured with only a few cryptographic keys that have been used worldwide over a period of almost 20 years," the researchers wrote.
Beyond a bad year for Das Auto , this new episode in #carhacking shows that beyond a CDO, carmakers need real tech CTOs , and need them rather now.