Millions of Volkswagen cars can be hacked with $40 device
Researchers have discovered keyless entry vehicles are vulnerable to cybercriminal activity
Over 100 million Volkswagen, Audi, Seat and Skoda vehicles sold over 20 years ago are vulnerable to be being hacked due to their keyless entry system, according to a team of security researchers.
The researchers from the University of Birmingham, England, and a researcher from security firm Kasper and Oswald GmbH in Germany, found that vehicles which were manufactured between 1995 and 2016 can be hacked by a cheap tool, costing $40 only.
Cybercriminals can use a homemade radio to eavesdrop on the signal standing only 100 metres away from the vehicle. Every time a driver presses their key fob to lock or unlock their vehicle, the hackers can clone the signal.
Also, the researchers described another potential attack against Hitag2 remote keyless entry systems which run on circuits developed by chipmaker NXP. They revealed using the same radio tool, hackers can extract a cryptographic code and then intercept the unique ID sent by the car fob.
Researcher Flavio Garcia said: "It's a bit worrying to see security techniques from the 1990s used in new vehicles. If we want to have secure, autonomous, interconnected vehicles, that has to change."
The researchers notified the German car manufacturer, and according to Reuters, VW spokesman Peter Weisheit said: "The responsible department at Volkswagen Group is in contact with the academics mentioned and a constructive exchange is taking place." However Weisheit did clarify that its current Golf, Tiguan, Touran and Passat models are not at risk from the attack.
The researchers also revealed that vehicles built on VW's MQB production platform, including the Golf VII, are also not vulnerable to this hacking process. Furthermore, the researchers only focussed on mass-market models and not VW's luxury brands including Porsche, Bentley, Lamborghini and Bugatti.
The researchers also revealed that Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot models are also vulnerable to wireless hacks due to their keyless feature.