iTnews

Volkswagen keyless entry systems can be bypassed

By Juha Saarinen, iTnews on Aug 11, 2016 1:00PM

New research could explain spate of thefts.

Keyless locking systems in cars can be bypassed relatively easily, researchers have found, leaving hundreds of millions of vehicles at risk of thefts and break-ins.

University of Birmingham researchers Pierre Pavlidès, Flavio Garcia and David Oswald along with security consultant Timo Kasper discovered two serious vulnerabilities in the keyless entry systems and the adjunct alarms and engine immobilisers used by major car manufacturers.

They focused on vehicles made by the Volkswagen Group, finding the company has been using just a few master keys for the encryption of the wireless signal used for car remotes since 1995.

The cryptographic keys were recovered from cars' electronic control units (ECUs) by the researchers, who were able to unlock vehicles after eavesdropping on a single signal sent by the remote key fob (one button press).

To capture the radio frequency signals from key fobs, the researchers built a cheap Arduino-based transceiver costing just a few tens of dollars.

Audis, Seats and Škodas are also vulnerable, they found.

A flaw in a second keyless entry system used by many other car makers such as Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault and Ford was also discovered.

It stems from car makers using the weak and now deprecated HiTag2 rolling code scheme, which can be broken and the keys cloned using a laptop and just a few minutes of computation.

This means it is possible to not only unlock vehicles, but to bypass engine immobilisers, according to the researchers, who tested their theories on their own and friends' cars.

"The cryptography of these immobilisers has to be considered broken as their added protection to prevent criminals from starting the engine of a car is very weak," they wrote.

The findings could explain mysterious car thefts and burglaries in recent times, in which criminals have accessed vehicles that were locked and had the engine immobiliser system activated.

"Since they are executed solely via the wireless interface, with at least the range of the original remote control (ie a few tens of metres), and leave no physical traces, they pose a severe threat in practice," the researchers said.

The vulnerabilities have been reported to Volkswagen and other car makers.

But there are currently no fixes or countermeasures against the keyless entry system weaknesses, as they cannot easily be patched or updated. 

The researchers also analysed other keyless entry systems and found them insecure, but have decided not to disclose the details at this stage.

The research was presented at the 25th USENIX security conference in Austin, Texas.
