Researchers from the UK’s University of Birmingham and from the German engineering firm Kasper & Oswald have found that millions of Volkswagen cars worldwide could be vulnerable to a wireless hack to their remote control key systems.
The researchers, who are due to present their evidence in a paper at the USENIX Security Symposium in Austin, Texas this week, discovered a method by which a criminal could eavesdrop on the signal sent from the key fob to the car.
How The Hack Could Work.
The researchers discovered that most Volkswagens built since 1995 only use one of a small number of electronic master keys to remotely operate the doors. Fortunately though, this master key is in itself not enough to operate the doors. In order to do so, it needs to be combined with a unique code generated by each remote key device.
The researchers, therefore, used a piece of radio hardware costing only $40 to create a device that can intercept the signal sent from the key fob to the car. The researchers estimate that the person using the device could operate it successfully within 100 metres of the vehicle being targeted.
The decrypted signal could then be used to make a copy of the key fob, and this key fob could be used to open the car doors.
The researchers reportedly tested the hack on the Jetta, Golf and Passat Volkswagens, and on the Audi A1 which is manufactured by Volkswagen. Although these were the models that the researchers used in their test, Volkswagen has not confirmed exactly which models could be affected by hacks of this kind.
Volkswagen is reported as saying, however, that it will continue to work on its security.
Shared With Volkswagen.
One piece of good news is that the researchers shared their findings back in November with Volkswagen, and they also agreed to not share the specifics of how the hack was achieved when the findings were published – hence no specifics with this article.
According to the researchers, this kind vulnerability is not likely to have a fast and inexpensive fix. They suggest that a firmware update will be needed.
What Does This Mean For Your Business?
If you have Volkswagen business vehicles then this may, of course, be of immediate concern but this story is really part of a wider issue of security of how we can maintain the security of our possessions and devices that have smart or computerised element to them, such as the IoT.
So many of us are now buying devices for mobile use or for use in the home and / or workplace that have a smart element to them / are connected to the Internet, that we now have many more possible security vulnerabilities around us that we are not fully aware of.
Some security scanners are available for those types of devices e.g. BullGuard’s IoT Scanner is a web-based application – see http://iotscanner.bullguard.com/ . Generally though, we should take what precautions we can while simply expecting more security weak spots to be discovered in our cars and devices in the near future.