Volkswagen Security Problems: Arduino Hack Reveals RFID Vulnerability


While the world stood with mouths agape at the deceitfulness of VW’s bad ECM software, many were still blind to the fact that the popular auto manufacturer was hiding an even darker secret that they’ve been trying to bury since 2013.

A team of researchers, led by computer scientist Flavio Garcia from the University of Birmingham, recently revealed that most vehicles manufactured by Volkswagen since 1995 could be wirelessly hacked to start the ignition, allowing anyone with the right RFID-based hardware to drive away without a key. Of course, like any reputable computer scientist, Flavio informed Volkswagen. The company promptly filed a lawsuit to keep Garcia and his team from publishing a detailed report of their findings.

University of Birmingham researchers found two vulnerabilities that allow hackers to gain entry to almost all Volkswagen vehicles manufactured after 1995.

A year after that lawsuit, the team was finally able to publish the report, which was overshadowed by the breaking emissions scandal at the time. Being the dedicated researcher that he is, Garcia and a new team of researchers continued to probe for flaws in VW vehicles and found yet more startling vulnerabilities, which are detailed in a recently released paper aptly titled “Lock It and Still Lose It — On the (In)Security of Automotive Keyless Entry Systems.”

The team used this Arduino-based intercept device to grab VW key FOBs.

In their new probe, the team found that they could gain access to the ignition and door locks of nearly every VW vehicle they tested. Not only that, but they found that their wireless attacks worked on other vehicles as well, including models by Audi, Citroen, Fiat, Ford, Mitsubishi, and Nissan. Essentially, around 100 million vehicles are affected by these vulnerabilities that have yet to be fixed.

Both of the attacks were done using off-the-shelf hardware costing as little as $40. With the help of an Arduino-based Wi-Fi transceiver, a software-defined radio can grab the vehicle’s key FOB and clone it (the same can be done with a laptop, but the Arduino is more stealthy). That clone can then be used for both attacks.

It’s basically like building a duplicate remote that functions identically to the original. Hackers need only intercept a single button press: a single cryptographic key value, which is shared by almost every model VW released over the last few decades. They then need only to intercept another value that is unique to the individual vehicle to gain access and drive away. The scary part is that owners receive no warning or alert at all that they have become compromised and only realize it when the vehicle is missing.
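
An added example, not from the article or the researchers' paper: a toy rolling-code receiver showing why a key shared across a whole fleet undoes the replay protection that rolling codes provide, set beside a design where each fob has its own derived key. HMAC-SHA256, the frame layout, the counter window and every name and key below are assumptions made for illustration, not the ciphers or formats of any real vehicle.

```python
import hashlib
import hmac

FLEET_KEY = b"constructed-fleet-wide-key"      # constructed; identical in every car
MASTER_KEY = b"constructed-oem-master-secret"  # constructed; stays with the manufacturer
WINDOW = 16  # how far ahead of the last counter the receiver will accept

def diversified_key(uid: bytes) -> bytes:
    """Per-fob key derived from the fob UID; a car stores only its own fobs' keys."""
    return hmac.new(MASTER_KEY, b"fob-key|" + uid, hashlib.sha256).digest()

def make_frame(key: bytes, uid: bytes, counter: int, button: int):
    """Toy frame: UID, counter and button in the clear, plus an 8-byte MAC."""
    msg = uid + counter.to_bytes(4, "big") + bytes([button])
    return uid, counter, button, hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, uid: bytes, key: bytes, last_counter: int = 0):
        self.uid, self.key, self.last = uid, key, last_counter

    def accept(self, frame) -> bool:
        uid, counter, button, tag = frame
        # Rolling-code rule: counter must move forward, within a bounded window.
        if uid != self.uid or not (self.last < counter <= self.last + WINDOW):
            return False
        expected = make_frame(self.key, uid, counter, button)[3]
        if not hmac.compare_digest(tag, expected):
            return False
        self.last = counter
        return True

def compare_designs():
    """Return (genuine press, replayed press, fresh frame from fleet key) per design."""
    uid = b"\x01\x02\x03\x04"  # constructed fob UID
    results = {}
    for name, key in (("fleet_key", FLEET_KEY), ("diversified", diversified_key(uid))):
        rx = Receiver(uid, key)
        observed = make_frame(key, uid, 1, button=1)  # one legitimate button press
        genuine = rx.accept(observed)
        replay = rx.accept(observed)                  # same frame sent again
        # A party holding only FLEET_KEY, having seen the UID and counter once.
        fresh = make_frame(FLEET_KEY, uid, observed[1] + 1, button=1)
        results[name] = (genuine, replay, rx.accept(fresh))
    return results

if __name__ == "__main__":
    for design, outcome in compare_designs().items():
        print(design, outcome)
```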

There are a couple of drawbacks to using the platform, though (if you can call it that). Hackers need to be within a 3-foot range of a targeted vehicle and the key value that most vehicles share isn’t truly universal, as there are several different numerical key values for each. They are not that difficult to find, however, and can be located in different internal components of the vehicle, although Garcia and his team won’t specify which.

The team also found they could exploit the old Hitag2 cipher to gain access to vehicles.

The team also found another exploit used to gain access to VW vehicles. In this case, the team took advantage of the stream cipher Hitag2 to accomplish the same exploits previously mentioned using the same hardware. Hitag2 may be old but it’s still being used in many vehicles, making the exploit a serious ongoing issue. In this instance, the team used the exploit to gain several rolling code numbers unique to the target vehicle, which were then used to break through the Hitag2 scheme and gain access in about a minute’s time.

They state that in order to accomplish that particular attack, hackers would need the vehicle’s owner to hit their key button multiple times in order to gain the several rolling values needed to exploit Hitag2. To get around that issue, the team suggested that their hardware could be programmed to act as a FOB jammer so that the owner would need to hit that button several times to gain access, which would allow the hackers to record those values.

While Volkswagen has yet to respond to any of these vulnerabilities found by Garcia and his team, it does not bode well for a company already bogged down with a global emissions scandal. Volkswagen has been dealing with some serious publicity issues with their ongoing emissions scandal, which has been under investigation for over a year. South Korea is now investigating emission fabrication claims in their country as well, according to the Wall Street Journal.


The one-man ace engineering wrecking crew - If you have a problem, if no one else can help, and if you can find me, maybe you can hire... the Cabe-team

View more articles by Cabe Atwell