In the latest incident of car hacking, it has been announced that almost every Volkswagen that has been built since 1995 is vulnerable to cyber crime – a number totalling up to a million cars which includes other models within the VW Group including Audi, SEAT, Skoda, Bentley and Lamborghini.
This security loophole, which affects the keyless entry systems of the company’s cars, was discovered by researchers at the University of Birmingham and it shows that VW’s key fobs could essentially be cloned with equipment costing as little as £30.
The research shows that when the key fob’s signal is intercepted once, the cryptographic key can be shared across potentially millions of cars – which can be broken into in less than a minute. Hackers can then reverse engineer the keyless entry system in the affected models.
Attacks can be carried out using cheap, battery-run commercially available radios, which are capable of eavesdropping and recording the rolling codes used by keyless entry systems and then emulating a key.
The research showed that Volkswagen Group had relied on only a few cryptographic global master keys for the RKE systems in vehicles sold during the past two decades.
Flavio D. Garcia, from the University of Birmingham commented: “It’s a bit worrying to see security techniques from the 1990s used in new vehicles.” Since the announcement VW has stated that ultimately there is no 100% guarantee of security.