Hackability of Volkswagen’s Keyless Entry System Exposed

Hackers using cheap wireless devices pose a threat to millions of cars equipped with Volkswagen’s keyless entry system, according to a study from the University of Birmingham.

Scheduled for presentation Friday at the USENIX security conference in Austin, Texas, the study shows that thieves can use a simple wireless device to unlock the doors of millions of cars remotely, essentially by cloning the remote control that wirelessly secures a car door lock.

A second hack involves recovering the cryptographic key by attacking the rolling code scheme, called “Hitag2,” and entering a few keystrokes on a laptop to access a car.

The vulnerability could impact up to 100 million cars manufactured under the Volkswagen brand and others over the past 20 years.

Keeping a Lid on It

The initial research was considered so sensitive that the manufacturer for two years blocked publication of some of the results through a lawsuit, before both sides sat down to examine the findings and take action to mitigate the risk.

“Volkswagen takes the security of our customers and their vehicles very seriously,” spokesperson Mark Gillies said. “Volkswagen’s electronic and mechanical security measures are continuously being improved.”

The company “was in contact with the academics mentioned, and a constructive exchange is taking place,” he noted.

Volkswagen agreed that the authors would “publish their mathematical-scientific findings,” said Gilles, “but without the sensitive content that could be used by accomplished criminals to break into vehicles.”

The findings in the research will be used to improve the company’s security-technology, he added, noting that while research on auto security is important, “hacking into vehicles is a malicious, criminal act.”

Connected World

As cars become more connected, more hacking vulnerabilities are coming to light, said Akshay Anand, an automotive analyst at Kelley Blue Book.

“Luckily, to this point, all the hacks have either been controlled or with good intentions, but that may not always be the case in the future,” he told TechNewsWorld. “Since hacking will never be stopped 100 percent, the industry needs to focus on mitigating it as much as possible, and recover as quickly as possible when a hack does happen.”

The risk uncovered in this University of Birmingham study is twofold, said Steve Grobman, CTO at Intel Security. The Volkswagen master key appears to be at risk of reverse engineering and there are cryptographic vulnerabilities in remote keyless entry systems that use the Hitag2 system.

“These two issues likely apply to a large number of vehicles, both from Volkswagen and other manufacturers,” he told TechNewsWorld. “However, they appear to affect only the car entry subsystem, not other subsystems.

The underlying issues involved in this vulnerability, including weakness in the Hitag2 protocol, have worried security experts and carmakers for some time, Grobman said.

“Connected devices, including autonomous vehicles and home automation systems, should only adopt crypto algorithms and protocols that have been through an open and accepted selection process by industry standards organizations,” he advised.

This type of cyber risk became a concern years ago, as cars began to depend increasingly on wireless networks and remote access technologies, according to Clarence Ditlow, executive director of The Center for Auto Safety.

“Up until 10 to 12 years ago,” he told TechNewsWorld, “you had to have a mechanical key to start the engine.”

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

9 Comments

  • Anyone with a hammer poses a threat.. they can break glass no thief is going to waste time with some expensive scanner to carry around that may or may not work.

    A hammer works on EVERY car regardless and it’s much easier and quicker.

    Don’t keep valuables in car, best advice, no need to worry about people stealing stuff if there is nothing to steal, literally.

    • >>Anyone even remember why we need remote keyless entry? Are we that lazy we can’t put a key in a lock anymore? <<

      Seriously? Wireless is not the problem, sure we can use a key and put in the door…. ALL 4 of them, yeah that’s a terrific idea (rolling eyes).

      The reason we use keyless is not merely for convenience it’s for safety.. you are obviously a guy because a woman would know that they can use the key to not only unlock the door but sound an alert for one, and secondly having the door open at an instant instead of fumbling for key is WAY more secure.. so yes we NEED keyless.

      Instead of just grumbling about why such a "convenience" is unnecessary do some research first.. it’s quite easy to establish reasons why keyless became the standard.

      I can cite more examples but you should be able to find these on your own.. I would hope.

      • >>So how the hell do I disable the wireless remote In my car???<<

        Pull the fuse.. or buy a cheap car with no frills.. but it’s a standard on every car now..

        No need to be paranoid about something you can’t control, if someone REALLY wants something in your car, they break glass, can be done in 2 seconds, steal whatever is in back seat, and run, no sense wasting time carrying around a code scanner when a rock hammer will do the job much easier…

        • This article is mere hype.. sure there are vulnerabilities.. but they are difficult to attain.

          go read the article about how they conducted their tests, it was isolated they know the car and codes in advance (that’s important), so they do these tests on the SAME vehicle over and over until they get in.. that’s hardly a real world test.

          Then they say the car is easy to enter, again look at the details.. *IF* you know when someone presses a button on their remote and *IF* you happen to be in the same location as that remote, and *IF* the car systems is able to respond to a foreign key with a few seconds of entry *THEN* the car can be opened by a key other than 2 the 2 that were paired with the car initially…

          It’s all media hype, they make it SOUND easy but it’s hardly that simple.. You can take the device and walk around a VW dealership.. I DARE you to repeat their steps.. if you open 1 in 100.. yeah you would call that success, but 1 in 100?

          I will take those odds.. On top of that this ONLY gains entry to the vehicle not the starter, not the trunk (that’s a different key usually) or you can lock out trunk glove box with valet mode.. if you are paranoid just leave valet mode on.

          Put valuables in the trunk.. voila. problem solved.. yeah you can climb in the back seat, lift the arm rest and wiggle your arm inside the trunk in the hopes you might something valuable that would fit in that same hole, good luck.

          A thief is in and out in under 30 seconds its smash and grab, they aren’t going to waste time scanning vehicles for potentials vulnerable vehicles..

          besides talk to ANY master locksmith, they can use a slim jim and get in and out of ANY car in 10 seconds using a specially designed piece of metal, how do you think they can unlock your car in the first place? Yeah so this is more advance but a locksmith can break into your car..

          don’t get me started on the anti-theft alarm, and car start you have to bypass and lojack.. if you are REALLY concerned don’t keep expensive stuff in your car, period.

          • But much of this wireless technology is poorly done and so its no better than traditional keys. Stop defending a wireless technology that’s easily cracked.

  • Anyone even remember why we need remote keyless entry? Are we that lazy we can’t put a key in a lock anymore? Do we have to be able to unlock our car from 20 feet? In the end technology is not always a friend but another security risk. Not to mention a annoying bulky key fob I have to deal with. Change the battery every couple years and hope I never lose it because their not cheap. I could go to my local hardware store before and for a buck or two get a copy of my key. Yea, technology is great isn’t it?

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

CRM Buyer Channels