By on August 12, 2016

2013-volkswagen-lineup

Two decades’ worth of Volkswagen Group vehicles are vulnerable to a simple, cheap hack that can unlock their doors.

A research paper released this week (first reported by Wired) describes how multiple Volkswagen, Audi, Seat and Skoda models built since 1995 can be unlocked using a handmade radio that copies key fob signals. 

In the paper, researchers from the University of Birmingham and German security firm Kasper & Oswald outline two ways of getting into an unwilling vehicle. Both methods employ cheap radio hardware to “clone” a driver’s key fob. After hacking the encryption used by Volkswagen on millions of keys, all they needed to do was use a radio to intercept the unique signal from an individual key.

Mix the two values, and bingo. An unlocked car.

“You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”

The first method involves a software defined radio connected to a laptop, but there’s a problem with that route. The hacker must be within 300 feet of the vehicle to catch the signal. A better way is to build your own Arduino board with an attached radio receiver. The radio itself might set a hacker back $40, and the overall package is much smaller.

The hardest part of the operation is hacking the shared key values. Only four exist, spread out among the roughly 100 million Volkswagen Group vehicles with keyless entry systems, but once hacked, the information can then be shared.

The researchers don’t disclose the shared key values in their paper, and alerted Volkswagen to their findings.

“We were kind of shocked,” Timo Kasper at Kasper & Oswald told the BBC. “Millions of keys using the same secrets — from a cryptography point of view, that’s a catastrophe.”

The team claims to know of at least 10 other widespread hacking schemes affecting other automakers, but haven’t yet published their findings.

[Image: Volkswagen of America]

Get the latest TTAC e-Newsletter!

Recommended

13 Comments on “100 Million Volkswagen Group Vehicles Can Be Unlocked With a Cheap Hacking Device...”


  • avatar
    SCE to AUX

    VW: “Yes, but this hack is limited to only those vehicles with power locks. German Engineering!”

  • avatar
    CoreyDL

    VW: “We did not know of this issue, because at the time the researchers called our 1-800 number in Germany, our offices were being cleaned and there was a loud vacuum cleaner running. We could not hear their call.”

  • avatar
    TheEndlessEnigma

    Apparently they couldn’t find a silver Jetta Sportswagen for the marketing photo.

  • avatar
    Ryoku75

    On the upside, VW owners have the comfort of knowing no one will even want to steal their cars, or their billion other variants.

    • 0 avatar
      WheelMcCoy

      Engineer: But 4 shared key values is not secure! We need to work on that.
      Manager: No time for that. We need to get diesel emissions down or hidden.

      • 0 avatar
        Ryoku75

        Manager 77: We needa security code for our VW Golfs.
        Engineer 267: Understood, I’ve kept it 4 digits to make it easier to switch…
        Manager 77: NEIN! This code will be shared with all of our cars
        Engineer 267: …All of them?
        Manager 77: Yes, Skodas, Seats, Audis, but no need to worry. People are too stupid to hack our security.
        Engineer 267: But what if they do?
        Manager 77: Heinz, do you remember that vacation you asked for? You may want to stop asking questions.

    • 0 avatar
      Lorenzo

      Heh. Reminds me of the joke about the hated evil king whose carriage was captured by highwaymen. They were cheering that they could hold him for ransom, when the king’s driver asked, “Who will pay it?” They let him go.

  • avatar
    Kenmore

    I never lock my car.
    But then, I’d never buy a VW.
    What does this mean?

    I love quiche!

  • avatar
    Robbie

    Does this mean cheap replacement keys from some guy on Ebay?

  • avatar
    MBella

    100% of cars can be unlocked with a coat hanger. Where’s the sensationalist headline?

    • 0 avatar
      Mr. Orange

      99.999999999999% of cars. You forgot about the TVR Tuscan.

    • 0 avatar
      DenverMike

      I’d rather own a car anyone (me especially) can somewhat easily break into. But coat hangers work on probably 0.01% of autos made since ’87. That’s not to say you couldn’t pop the lock on probably 25% of newer cars with home manufactured tools or a slim-jim if you know exactly what you’re doing.

      Although, unlocking a stranger’s or victim’s car “remotely” should be a difficult/expensive task. This adds a new twist or angle for thieves casually walking up to a car they remotely unlocked , drawing almost zero unwanted attention to themselves.

      This still doesn’t start the cars, but thieves are likely more interested in grabbing anything of value in your car, than stealing the car itself.


Back to TopLeave a Reply

You must be logged in to post a comment.

Recent Comments

  • DevilsRotary86: Back in 2015/2016 when I was considering a new car, Mr Kyree Williams on here suggested that I should...
  • Superdessucke: This makes me realise how much I miss the hot hatch. We have the ancient GTI which is pretty much...
  • -Nate: Oy, vey . -Nate
  • EBFlex: “They finally get the styling right and we can’t have it. Sonofasnitch.” Ford would rather you...
  • Hummer: This is why Acura will never be more than a Honda+. 290HP in a V6 is about 10 years behind the competition....

New Car Research

Get a Free Dealer Quote

Staff

  • Contributors

  • Timothy Cain, Canada
  • Matthew Guy, Canada
  • Ronnie Schreiber, United States
  • Bozi Tatarevic, United States
  • Chris Tonn, United States
  • Corey Lewis, United States
  • Mark Baruth, United States
  • Moderators

  • Adam Tonge, United States
  • Corey Lewis, United States