Thanks to a flaw in the company's software, 100 million Volkswagen vehicles could be unlocked by hacking the signals from their keyless entry fobs, according to new research scheduled to be released this week.
The bug, discovered by a team from the University of Birmingham and researchers from German engineering firm Kasper & Oswald, enables tech-savvy thieves to clone a car's key fob by capturing just two radio signals. It extends to nearly every car sold by Volkswagen A.G. since 1995—Audis, VWs, Bentleys, Skodas, and so forth. The flaw is scheduled to be revealed on Friday at the Usenix security conference in Austin, Texas.
To crack the code and clone the key, researchers say, all a clever crook would need is a $40 piece of radio hardware small enough to slip into a pocket. Using such a device, or a laptop outfitted with the proper radio equipment, a criminal can sweep up the radio transmission from even a single press of the car's remote, so long as he or she is within roughly 300 feet of the intended target.
Of course, that sort of radio eavesdropping technology is hardly new, and carmakers have taken steps to make it tougher to steal a car by adding further levels of security. That's where the researchers' finding comes in. Through laborious digging inside the Volkswagen network, the team discovered a handful of cryptographic keys shared across nearly all VW vehicles; combine that with the individual radio transmission from the keyless entry remote, and poof—instant access.
“You only need to eavesdrop once,” the University of Birmingham's David Oswald told WIRED. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”
According to the researchers, the four most common shared cryptographic keys alone could open the doors to nearly 100 million VW family vehicles sold in the last 20 years. Only a handful of recent cars, such as the latest-generation VW Golf, have locking systems that protect against such an attack.
The researchers have also identified a separate vulnerability in millions of other non-VW vehicles, including Fords, Chevys, and Renaults, among many others. That hack, they claim, is even simpler. A hacker needs only a small radio device like the one used in the Volkswagen attack to capture several rolling codes from the owner's wireless key as he or she locks or unlocks the car; once the crook has that information, he or she can punch through the code and open a vehicle in as little as 60 seconds.
The researchers say they won't reveal the specifics of their work, in order to keep black-hat hackers from using it for evil—but that's not to say criminals won't find the information on their own. For now, the team says, the best way to keep your car safe is to keep valuables out of sight... and hope any would-be carjacking hackers don't have the talent to steal your car as well as break in.