A group of researchers from the University of Birmingham has published a paper in which two vulnerabilities are revealed in the ignition system and key less entry Volkswagen. Taking advantage of it, an attacker could get into any car brand and turn it on without having the key.
The researchers plan to present both vulnerabilities this week at the Usenix security conference in Austin. Estimate that only one of them and affects about 100 million vehicles of the German group, while the second would also be applicable to cars of other brands such as Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel and Peugeot.
The investigation also involved the signing of German engineering Kasper & Oswald, and has been led by researcher Flavio Garcia of the University of Birmingham, the same as unveiled last year another vulnerability in the ignition system that allowed light and drive millions Volkswagen car without a key.
One of the most striking features of both vulnerabilities is how cheap it would be able to take advantage . All it would take would spend about $ 40 on an Arduino board equipped with a radio receiver. With them could intercept signals key chain to clone after a specific software.
Vulnerability to 100 million Volkswagen
On the one hand we have a first vulnerability affects only vehicles of the Volkswagen Group, including brands such as Audi or Skoda. The owners do not receive any warning when the safety of their vehicles infringed and once executed an attack upon her only you need to press the start button of the car to start it and drive it.
The only thing needed is to obtain two specific encryption keys. One is unique for each vehicle, and the other is shared. Combining them, attackers can clone the signal Keychain owners to access the car.
You may also like to read another article on AnarchismToday: Toyota 86, tried a true sports an engine that roars in road and track
For the distinctive key with every car it would be less than 91 meters away, and use the Arduino board with a radio receiver for the signal emitted by the Keychain each time they are used. While the problem of shared key is that varies little between models, making only the four most common used by Volkswagen can be attacked nearly 100 million vehicles manufactured in the last 20 years.
However, this shared key is a bit hard to get, because you have to access specific components of vehicles that researchers have not revealed. What we have done is warn the German company to work on a solution. And it is that at the moment the only immune attack car is the new model of the Golf 7, which has been designed to use only non – shared keys.
As for the second vulnerability affects HiTag2 a cryptographic scheme called, which is still used in million vehicles despite having several decades old. The cars use it to your keychain emit random codes each time they are used, only that the scheme used to generate them is easily cracked with only get a few keys using the Arduino with radio.
This controversy is just one more in the last months of Volkswagen, in which the German company has had to deal with the issue of their doctored emissions, which even managed to make also investigate their gasoline engines. They also have had to see how the authorities searched their offices for a possible case of pricing.