A new wireless hack shows how Volkswagen left not only its ignition vulnerable with the ability to be started and driven without the use of a key but its keyless entry system proved to be vulnerable as well. The flaw – which affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers – was discovered in 2012, but carmakers sued the researchers to prevent them from publishing their findings. This Security System flaw applies to any Volkswagen vehicle made since 1995 which includes over 100 million cars. At the August 10-12th Usenix security conference in Austin TX, a combined team of Birmingham University researchers and German Engineers from Kasper and Oswald revealed two distinct vulnerabilities affecting the keyless entry system. One of the vulnerabilities could affect every Volkswagen sold since 1995, and the second could affect millions of more vehicles including, Fiat, Ford, Mitsubishi, and Nissan. Both attacks are said to be cheap and the supplies easily accessible.
Immobilizers are electronic security devices that stop a car's engine from running unless the correct key fob (containing the RFID chip) is in close proximity to the car. They are supposed to prevent traditional theft techniques like hot-wiring but can be bypassed. An attacker only needs a software-defined radio connected to a laptop, which could be bought on eBay for less than $40, with this s/he can intercept signals from a victim’s key fob and then employ those signals to clone the key. The researchers detail how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by malicious hackers looking to steal these luxury vehicles. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”. Although the researchers have not shared which components they extract, they are confident that if their team could successfully identify it, others of sophisticated technological knowledge could as well. General Motors, however, see this security breach differently stating that it “does not consider this item to be a significant risk to customers due to the technical sophistication of the demonstration and the very limited circumstances under which the demonstration can be carried out.”
Follow this link to Usenix Paper on their findings: