Almost 100 million Volkswagen vehicles are affected by a vulnerability that would allow an attacker to remotely and discretely unlock a auto without a key.
Advertisement
The researchers said that the only alternative left to Volkswagen auto owners is to fully deactivate or at least not use the [remote keyless entry] functionality and resort to the mechanical lock of the vehicle, as it is practically not possible to stop this hack from happening. The researchers said that one of the attacks would allow potential hacker/car jackers to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Škoda.
If you’ve got a Volkswagen or an Audi built in the past 20 years, or a Ford, Chevy, Nissan or Fiat made in the past decade, you may want to stop using your wireless key fob or ignition-key buttons to lock and unlock your vehicle – like, forever.
The latest research shows how tech-savvy thieves might be able to unlock cars locked by the vehicles’ owners without covering how their engines might subsequently be turned on.
The latest paper, entitled “Lock It and Still Lose It: On the (In) Security of Automotive Remote Keyless Entry Systems” is scheduled to be presented at the prestigious Usenix computer security conference in Austin, Texas, on Friday. The cars with the keyless entry systems of many Volkswagen fall under this category.
Wired reports that both attacks might be carried out using a cheap $40 piece of radio hardware to intercept signals from a victim’s key fob.
The attack worked on all models of Volkswagen, Audi, Seat and Skoda brand vehicles tested by the researchers, except for the Volkswagen Golf Mark 7, introduced in 2013. It seems your vehicle can be easily stolen thanks to a flaw which leaves it vulnerable to a remote-cloning attack, according to new research.
The alleged vulnerability could explain the mysterious number of thefts of cars using such technology. The flaw was found in auto models as recent as the Audi Q3, model year 2016, they said. But with more functionality and more smart features, the cars are also becoming more prone to attacks by hackers.
The researchers are now going to investigate if the attack has been used by criminals in the real world.
Garcia was previously blocked from giving a talk about weaknesses in vehicle immobilisers following a successful application to a British court by Volkswagen.
Advertisement
In their paper, the researchers did not identify the auto parts subcontractor that makes the affected keyless systems for VW and potentially other vehicle makers.
