Car hacking is nothing new, especially with the advent of connected dashboards, but it seems even older vehicles are vulnerable to being hacked. In a paper by researchers from the University of Birmingham and German security firm Kasper & Oswald, it was revealed that a range of vehicles from Volkswagen Group are vulnerable to attacks.
All an attacker needs is an Arduino-based RF transceiver, which costs about $40, to clone key fobs or digital keys and unlock the vulnerable vehicles. Vehicles manufactured by the Volkswagen group between 1995 and 2016, specifically the Audi A1, Q3, R8, S3, TT; VW Beetle, Golf 4, Golf 5, Golf 6, Golf Plus, Jetta, Passat, Tiguan, and Touran, are said to be vulnerable to the key-cloning attacks. The paper reveals that the affected vehicles rely on a few global master keys. Using a homemade radio, the researchers were able to eavesdrop on the signal sent by the original remote. They then decrypted the cryptographic algorithms and keys from the control unit to clone the remote and use it to lock or unlock doors of target vehicles.
The paper also reveals VW Group vehicles are not the only vulnerable targets. It was discovered that some vehicles made by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford are vulnerable to a similar attack that uses the Hitag2 rolling code scheme to clone the remote. “Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles,” the paper noted.
Volkswagen is already working with the researchers to address the problem and revealed that newer generations of Golf, Tiguan, Touran, and Passat are not affected. The researchers have agreed not to disclose cryptographic keys, part numbers of vulnerable ECUs, and the reverse-engineering process.
If you think your vehicle is vulnerable to such an attack, the researchers said the only effective way to deter hackers is to fully deactivate the remote keyless entry functionality and use the mechanical lock of the vehicle.
Photo credit: VW Group, Pixabay