By on August 12, 2016


Two decades’ worth of Volkswagen Group vehicles are vulnerable to a simple, cheap hack that can unlock their doors.

A research paper released this week (first reported by Wired) describes how multiple Volkswagen, Audi, Seat and Skoda models built since 1995 can be unlocked using a handmade radio that copies key fob signals. 

In the paper, researchers from the University of Birmingham and German security firm Kasper & Oswald outline two ways of getting into an unwilling vehicle. Both methods employ cheap radio hardware to “clone” a driver’s key fob. After hacking the encryption used by Volkswagen on millions of keys, all they needed to do was use a radio to intercept the unique signal from an individual key.

Mix the two values, and bingo. An unlocked car.

“You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”

The first method involves a software defined radio connected to a laptop, but there’s a problem with that route. The hacker must be within 300 feet of the vehicle to catch the signal. A better way is to build your own Arduino board with an attached radio receiver. The radio itself might set a hacker back $40, and the overall package is much smaller.

The hardest part of the operation is hacking the shared key values. Only four exist, spread out among the roughly 100 million Volkswagen Group vehicles with keyless entry systems, but once hacked, the information can then be shared.

The researchers don’t disclose the shared key values in their paper, and alerted Volkswagen to their findings.

“We were kind of shocked,” Timo Kasper at Kasper & Oswald told the BBC. “Millions of keys using the same secrets — from a cryptography point of view, that’s a catastrophe.”

The team claims to know of at least 10 other widespread hacking schemes affecting other automakers, but haven’t yet published their findings.

[Image: Volkswagen of America]

Get the latest TTAC e-Newsletter!

13 Comments on “100 Million Volkswagen Group Vehicles Can Be Unlocked With a Cheap Hacking Device...”

  • avatar
    SCE to AUX

    VW: “Yes, but this hack is limited to only those vehicles with power locks. German Engineering!”

  • avatar

    VW: “We did not know of this issue, because at the time the researchers called our 1-800 number in Germany, our offices were being cleaned and there was a loud vacuum cleaner running. We could not hear their call.”

  • avatar

    Apparently they couldn’t find a silver Jetta Sportswagen for the marketing photo.

  • avatar

    On the upside, VW owners have the comfort of knowing no one will even want to steal their cars, or their billion other variants.

    • 0 avatar

      Engineer: But 4 shared key values is not secure! We need to work on that.
      Manager: No time for that. We need to get diesel emissions down or hidden.

      • 0 avatar

        Manager 77: We needa security code for our VW Golfs.
        Engineer 267: Understood, I’ve kept it 4 digits to make it easier to switch…
        Manager 77: NEIN! This code will be shared with all of our cars
        Engineer 267: …All of them?
        Manager 77: Yes, Skodas, Seats, Audis, but no need to worry. People are too stupid to hack our security.
        Engineer 267: But what if they do?
        Manager 77: Heinz, do you remember that vacation you asked for? You may want to stop asking questions.

    • 0 avatar

      Heh. Reminds me of the joke about the hated evil king whose carriage was captured by highwaymen. They were cheering that they could hold him for ransom, when the king’s driver asked, “Who will pay it?” They let him go.

  • avatar

    I never lock my car.
    But then, I’d never buy a VW.
    What does this mean?

    I love quiche!

  • avatar

    Does this mean cheap replacement keys from some guy on Ebay?

  • avatar

    100% of cars can be unlocked with a coat hanger. Where’s the sensationalist headline?

    • 0 avatar
      Mr. Orange

      99.999999999999% of cars. You forgot about the TVR Tuscan.

    • 0 avatar

      I’d rather own a car anyone (me especially) can somewhat easily break into. But coat hangers work on probably 0.01% of autos made since ’87. That’s not to say you couldn’t pop the lock on probably 25% of newer cars with home manufactured tools or a slim-jim if you know exactly what you’re doing.

      Although, unlocking a stranger’s or victim’s car “remotely” should be a difficult/expensive task. This adds a new twist or angle for thieves casually walking up to a car they remotely unlocked , drawing almost zero unwanted attention to themselves.

      This still doesn’t start the cars, but thieves are likely more interested in grabbing anything of value in your car, than stealing the car itself.

Read all comments

Back to TopLeave a Reply

You must be logged in to post a comment.

Recent Comments

  • kcflyer: It’s what happens when billionaires who hate America put a puppet in office who has not one single...
  • schmitt trigger: I am happy, seriously, that the comments have not devolved into a blue state vs red state political...
  • kcflyer: Deer Hunters rejoice!
  • redapple: BS. BEV ORV? Just wait until it runs out of juice in an area where the rescue pickup cannot access. Fixing...
  • Dave M.: My first opportunity driving a Japanese brand was the new 1974 Corona wagon I used in a high school job...

New Car Research

Get a Free Dealer Quote

Who We Are

  • Adam Tonge
  • Bozi Tatarevic
  • Corey Lewis
  • Jo Borras
  • Mark Baruth
  • Ronnie Schreiber