As more manufacturers begin to add more technologies (keyless entry, advanced infotainment system, and online connectivity), the danger of having a vehicle hacked increases. We saw this first-hand last year as two security researchers revealed a number of security holes in FCA's UConnect system that allowed them to access critical vehicle functions such as braking and steering. Now a new research paper reveals 100 million Volkswagen Group vehicles going back to 1995 have a serious security issue that can allow someone to unlock the vehicle without a key.
Wired reports a group of researchers at the University of Birmingham and a German engineering firm were able to intercept the radio signal from the vehicle's keyfob. From there, a clone of the key can be made to unlock the vehicle. The hack can be done with few a computer components and a radio receiver for about $40.
“You can really build something that functions exactly like the original remote,” said Flavio Garcia, a computer scientist University of Birmingham
The researchers uncovered this flaw after reverse-engineering an undisclosed Volkswagen component and were able to extract a cryptographic key value that is common to many of the company's vehicles. Just having this key isn't enough, but when you intercept the signal from a key to get its cryptographic key value, then you can create a clone to unlock the vehicle.
Volkswagen has reportedly acknowledged the vulnerability and is working on a fix. Researchers also note the only vehicle not affected by this is the latest Volkswagen Golf and sister models.