100 Million Volkswagen Group Vehicles Can Be Unlocked With a Cheap Hacking Device

Steph Willems
by Steph Willems

Two decades’ worth of Volkswagen Group vehicles are vulnerable to a simple, cheap hack that can unlock their doors.

A research paper released this week (first reported by Wired) describes how multiple Volkswagen, Audi, Seat and Skoda models built since 1995 can be unlocked using a handmade radio that copies key fob signals.

In the paper, researchers from the University of Birmingham and German security firm Kasper & Oswald outline two ways of getting into an unwilling vehicle. Both methods employ cheap radio hardware to “clone” a driver’s key fob. After hacking the encryption used by Volkswagen on millions of keys, all they needed to do was use a radio to intercept the unique signal from an individual key.

Mix the two values, and bingo. An unlocked car.

“You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”

The first method involves a software defined radio connected to a laptop, but there’s a problem with that route. The hacker must be within 300 feet of the vehicle to catch the signal. A better way is to build your own Arduino board with an attached radio receiver. The radio itself might set a hacker back $40, and the overall package is much smaller.

The hardest part of the operation is hacking the shared key values. Only four exist, spread out among the roughly 100 million Volkswagen Group vehicles with keyless entry systems, but once hacked, the information can then be shared.

The researchers don’t disclose the shared key values in their paper, and alerted Volkswagen to their findings.

“We were kind of shocked,” Timo Kasper at Kasper & Oswald told the BBC. “Millions of keys using the same secrets — from a cryptography point of view, that’s a catastrophe.”

The team claims to know of at least 10 other widespread hacking schemes affecting other automakers, but haven’t yet published their findings.

[Image: Volkswagen of America]

Steph Willems
Steph Willems

More by Steph Willems

Comments
Join the conversation
4 of 13 comments
  • Robbie Robbie on Aug 12, 2016

    Does this mean cheap replacement keys from some guy on Ebay?

  • MBella MBella on Aug 13, 2016

    100% of cars can be unlocked with a coat hanger. Where's the sensationalist headline?

    • See 1 previous
    • DenverMike DenverMike on Aug 14, 2016

      I'd rather own a car anyone (me especially) can somewhat easily break into. But coat hangers work on probably 0.01% of autos made since '87. That's not to say you couldn't pop the lock on probably 25% of newer cars with home manufactured tools or a slim-jim if you know exactly what you're doing. Although, unlocking a stranger's or victim's car "remotely" should be a difficult/expensive task. This adds a new twist or angle for thieves casually walking up to a car they remotely unlocked , drawing almost zero unwanted attention to themselves. This still doesn't start the cars, but thieves are likely more interested in grabbing anything of value in your car, than stealing the car itself.

Next