Slashdot Mirror

← Back to Stories (view on slashdot.org)

A New Wireless Hack Can Unlock Almost Every Volkswagen Sold Since 1995 (arstechnica.com)

Posted by msmash on from the bigtime-nightmare dept.

Volkswagen isn't having the best of times. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years are vulnerable to theft because keyless entry systems can be hacked using cheap technical devices, reports Wired (alternate source). Security experts of the University of Birmingham were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars. ArsTechnica reports: The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob -- obtained with a little electronic eavesdropping, say -- you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg (writer at Wired) notes that the company uses a number of different shared values, stored on different components. The second affects many more makes, "including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute.

115 comments

  1. New tech defeats old tech by Anonymous Coward · · Score: 0

    Story at 11. Yawn. If someone has a 1995 VW and it gets stolen, they'll probably be cheering.

    1. Re:New tech defeats old tech by sexconker · · Score: 3, Informative

      Keyword: since

    2. Re:New tech defeats old tech by NatasRevol · · Score: 1

      Also, this is new tech defeating stupid implementations.

      --
      There are two types of people in the world: Those who crave closure
    3. Re: New tech defeats old tech by Anonymous Coward · · Score: 0

      This is so old/lame/known that even Steven King used it in a plot line in one of his books years ago.

      Keyless entry can be spoofed. Period.

    4. Re: New tech defeats old tech by fubarrr · · Score: 1

      WVs were being stolen with a replay attack since nineties in Russia

    5. Re: New tech defeats old tech by Anonymous Coward · · Score: 0

      In Soviet Russia, keyless entry spoofs YOU.

    6. Re:New tech defeats old tech by Bob_Who · · Score: 1

      Right. Why should we believe that the wireless hack is new if the car it opens "since" 1995 is not...

      It is more likely that if a key exists to open doors for twenty years that it is not new. Its probably twenty years old.

      The only thing new here is the clue to the clueless.

  2. Re:Volkswagen, again by beelsebob · · Score: 2

    If you even read the summary, you'll see that it's VW, Alfa, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.

  3. Well, I'm in the clear. by pecosdave · · Score: 1

    I only have one keyfob and it isn't actually paired with the car anyways - I have to open it old-school.

    --
    The preceding post was not a Slashvertisement.
    1. Re:Well, I'm in the clear. by Anonymous Coward · · Score: 0

      the remote lock is a pain in the arse anyway... they are so easy to press in your pocket, and a tap + tap and hold will roll down the windows. Fun if you accidentally do this in your pocket (easy) and it's raining outside.

      I was happy when the battery ran out, i'm happier after hearing this too. You don't need remote lock to benefit from the convenience of central locking though... how much time are you really saving, it's not far off pressing the eject button on a dvd player, you save maybe half a second.

    2. Re:Well, I'm in the clear. by pecosdave · · Score: 1

      I have a toddler that LOVES to push the panic button on the Ford's remote. Nah, about the only thing I'm really missing is opening the trunk without going to the drivers side door first, or opening the rear passenger door to shove the toddler into his seat first. Guess with time they decided you only need one keyhole on the outside of the car.

      --
      The preceding post was not a Slashvertisement.
  4. this is why by The-Ixian · · Score: 1

    You never buy a car with power windows.... every convenience is either an attack surface and/or a money sink when it needs to be repaired.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:this is why by TheGratefulNet · · Score: 1

      power windows and power door locks are a GOOD SAFETY FEATURE.

      ever drive thru a bad area?

      then you'll understand.

      --

      --
      "It is now safe to switch off your computer."
    2. Re:this is why by Anonymous Coward · · Score: 0

      I have a Luddite coworker who shares your mistaken belief that power windows are some kind of problem. Regular windows fail too, and replacing a power window drive system is inexpensive and easy.

    3. Re:this is why by Anonymous Coward · · Score: 0

      Jeep has this right, don't like the power door locks and power windows? Simply disconnect and leave the doors in the garage. Problem solved.

      So looking forward to my drive home tonight.

    4. Re:this is why by The+Grim+Reefer · · Score: 2

      power windows and power door locks are a GOOD SAFETY FEATURE.

      ever drive thru a bad area?

      then you'll understand.

      As long as it makes you feel better, I suppose. I used to live in bad areas. You do realize that the sound of those lock actuators are very audible outside the car too, right?

      At best, it'll make a bunch of people laugh at you. I've seen guys go up and punch the side window out of people cars when they lock them just for fun. And that window, or even the door panel isn't going to stop a bullet, no matter how many times you've seen it do so on TV or in the movies.

      Either lock your doors when you get in your car, or remember to do so long before you end up in a "bad area". At least you won't paint a target on yourself when you're feeling out of you comfort zone.

    5. Re:this is why by TheGratefulNet · · Score: 2, Insightful

      let them punch my windows. in my whole life, I've never seen a FIST break a window. I think you are full of shit, my friend.

      --

      --
      "It is now safe to switch off your computer."
    6. Re:this is why by pr0fessor · · Score: 2

      It depends on the make model mine is like $200 a door for the motor and assembly then $30 for the switch... then you have to drill out all the pop rivets if it's never been changed before and good luck installing the new motor and assembly hope you have tiny hands... sound like a crappy Saturday to me...

    7. Re:this is why by The+Grim+Reefer · · Score: 1

      I have a Luddite coworker who shares your mistaken belief that power windows are some kind of problem. Regular windows fail too, and replacing a power window drive system is inexpensive and easy.

      I think the only failure I've ever had with manual windows is for the $.50 spring clip that holds the crank on gets lost after removing it to fix something else. Power window regulators typically run $100+. I've replaced too many of those to count over the years. Plus the time it takes to do so. I've also had to replace the switches in the passengers doors on occasion, which were relatively cheap. But the two times I've had to replace the drivers side it's the entire switch cluster. That was around $200 each time. And again the time it took to do so. Granted the switches don't take too long, but you have to be careful about removing the inside door clip, or you can break things. That can add a couple bucks for the plastic retaining clips, or could get into the hundreds of dollars if your not careful and break the panel itself.

      Power windows tend to stop working if you are in an accident and end up in water too. I was a passenger once when that happened.

      Not that I'd buy a car without power windows, but they are certainly not as cheap or durable as ones with a hand crank.

    8. Re:this is why by Locke2005 · · Score: 1

      Yeah, power windows and locks are great, until you drive into water, short out the electrical system, and are trapped inside the car. Rule of thumb: EVERY automatic system should have a manual backup! (To BMW's credit, their electric sunroof comes with a crank handle that can be used to close the sunroof when the electric motor fails. Not sure how many other manufacturers do this.)

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    9. Re:this is why by rgbscan · · Score: 1

      I dunno, I've seen a cop tear a window out with his bare hands. Look on youtube at "Man refuses to give license, gets tazed" uploaded by instajustice, at 2:13. Crazy.

    10. Re:this is why by deadwill69 · · Score: 0

      You don't get out much do you? http://www.dailymail.co.uk/new...

    11. Re:this is why by Anonymous Coward · · Score: 0

      You sound like my dad. For your sake I hope your nearly 70.

    12. Re:this is why by Anonymous Coward · · Score: 2, Informative

      In the U.S., cars will unlock with the mechanical motion of pulling the handle from the inside or must have the ability to be unlocked mechanically without electrical power. It's an NHTSA requirement for safety.

    13. Re:this is why by sjames · · Score: 1

      All it takes is a ring with a point on it.

    14. Re:this is why by tlhIngan · · Score: 3, Informative

      Yeah, power windows and locks are great, until you drive into water, short out the electrical system, and are trapped inside the car. Rule of thumb: EVERY automatic system should have a manual backup! (To BMW's credit, their electric sunroof comes with a crank handle that can be used to close the sunroof when the electric motor fails. Not sure how many other manufacturers do this.)

      Well, you can do the ObMythbusters who tested exactly that and found... it still works great, even after being submerged for 45 minutes.

      Or you can realize that it's pretty waterproof as it is, otherwise they'd short out in a moderate rainstorm - battery being in the engine compartment and getting wet, and the doors getting water inside of them too.

      No, what really prevents the windows from opening is water pressure - and even a manual crank is too weak to open a window in a fully submerged car.

    15. Re:this is why by dreamchaser · · Score: 2

      By the time they manage to break through the safety glass my legally owned and operated handgun will be at the ready, so it doesn't really matter, though I agree he is full of shit.

    16. Re:this is why by BitterOak · · Score: 2

      In the U.S., cars will unlock with the mechanical motion of pulling the handle from the inside or must have the ability to be unlocked mechanically without electrical power. It's an NHTSA requirement for safety.

      Have you ever tried opening a car door under water with the windows shut?

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    17. Re:this is why by oobayly · · Score: 1

      Luckily most of us come from countries where a "bad area" means that somebody *might* try opening your door to steal a bag on the passenger seat, not start firing bullets at you.

    18. Re:this is why by Cro+Magnon · · Score: 1

      In my country, that happens in the "good" areas!

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    19. Re:this is why by Anonymous Coward · · Score: 0

      That window was part open reducing its strength.

    20. Re:this is why by Anonymous Coward · · Score: 0

      Well, don't drive into water then. If you want to drive on water get a boat.

      If you are really worried about getting into an accident where you end up in water, the you should have one of those safety hammers in the car to break the window, you shouldn't rely on the mechanism to open the window being intact.

    21. Re:this is why by whoever57 · · Score: 1

      Yeah, power windows and locks are great, until you drive into water, short out the electrical system, and are trapped inside the car.

      That's why you have combination hammer/seatbelt cutter readily available.

      --
      The real "Libtards" are the Libertarians!
    22. Re:this is why by Anonymous Coward · · Score: 3, Funny

      Yes, I test this weekly just to be safe.

    23. Re: this is why by Anonymous Coward · · Score: 0

      If it is that water tight, might as well just chill and ponder your escape attempt before doing something more dumb than ending up in the water in the first place.

    24. Re:this is why by The+Grim+Reefer · · Score: 1

      let them punch my windows. in my whole life, I've never seen a FIST break a window.

      In my whole life, I've never seen an atom either or Antarctica for that matter. I'm pretty sure they exist.

      Obviously we grew up in much different places. Your parents probably didn't encourage you to fight either. Many of my friends parents did when I was younger. Mine didn't actively encourage it, but they didn't discourage it either.

      I think you are full of shit, my friend

      Yes, obviously you must know all and see all.

    25. Re:this is why by Anonymous Coward · · Score: 0

      I've seen guys go up and punch the side window out of people cars when they lock them just for fun. And that window, or even the door panel isn't going to stop a bullet

      Try that with me and get a free lesson that it won't stop a bullet going OUT either. Welcome to the free states, late Californian or .

    26. Re:this is why by deadwill69 · · Score: 2

      Check out the 30(21) foot rule of fighting one day. Might make you think twice about how safe you are with that handgun. "Originating from research by Salt Lake City trainer Dennis Tueller "rule" states that in the time it takes the average officer to recognize a threat, draw his sidearm and fire 2 rounds at center mass, an average subject charging at the officer with a knife or other cutting or stabbing weapon can cover a distance of 21 ... Edged Weapon Defense: Is or was the 21-foot Rule Valid?" Said suspect is already at your car. If your weapon is not already in your hand you have very few options.

    27. Re:this is why by deadwill69 · · Score: 1

      Why don't you do a quick search and see how many hits with video you get. This was just a sample.

    28. Re:this is why by Anonymous Coward · · Score: 0

      So yo need a gun and one that can shoot trough the bloody windows. At least we found a legitimate reason for having a firearm.

    29. Re:this is why by The+Grim+Reefer · · Score: 1

      By the time they manage to break through the safety glass my legally owned and operated handgun will be at the ready, so it doesn't really matter,

      This was just stupid teenage kid stuff. They'd run up and punch the window and run away. They didn't always break. The idea was to scare the hell out of the driver. Most of the time the person in the car ran the red light to get out of there.

      Just what do you think is going to happen if you shoot some kid in the ghetto who's pulling a prank? You're either going to go to jail for a very long time or get yourself killed.

      I can't say I've really looked into it, but I'd guess it would have been easier to break side windows back then as the doors tended to be a lot longer than modern cars. It probably wasn't designed as well either.

      though I agree he is full of shit.

      Oh look, another person who know all and sees all.

    30. Re: this is why by Anonymous Coward · · Score: 0

      Lol, that guy so deserved to get some "instajuatice" by the police. Clocked at 72 in a 55, and then being a total prick to the cop who was giving him a lawful order to produce a driver's license.

      Anyhow, back on topic, that cop didn't use his bare hands to smash the window -- he used his big ass 6-D cell mag flashlight to smash the window like it wasn't even there.

    31. Re:this is why by Anonymous Coward · · Score: 0

      So you're advocating we remove guns from cops? I like this idea.

    32. Re:this is why by TroII · · Score: 1

      This is why I keep Donald Trump on speed dial. $230 is pocket litter, and his tiny hands can fit down into the innards of the car door.

      --
      "If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm
    33. Re: this is why by Anonymous Coward · · Score: 0

      You mean doors, not Windows, right?

      Windows are trivial to open underwater - if manual. P

      It's the doors that a huge pressure head behind them preventing you from opening them.

    34. Re:this is why by Anonymous Coward · · Score: 0

      No, it is not a NHTSA requirement, and not how all cars work. GM as a "safety feature" set their cars up so that the interior door handle does not open the door when it is locked, and many of their newer cars do not have the little manual door lock that you pull up on to unlock.

    35. Re:this is why by Anonymous Coward · · Score: 0

      That's why most people in the US / Canada would like to keep **our** countries from becoming like **your** country!

    36. Re:this is why by deadwill69 · · Score: 1

      Seems to work for them in the UK. Mostly.

    37. Re:this is why by Anonymous Coward · · Score: 0

      It was a shit sample.

      I don't care enough to spend time looking, if you don't want to provide a link to back up your argument, that is fine, but if you do then review it first and ensure it really does back up your argument, otherwise it seems like you are clutching at straws.

    38. Re:this is why by Anonymous Coward · · Score: 0

      In what parallel universe is the US not exactly like Cro Magnon's country?

  5. Drive-by fix by Tablizer · · Score: 2

    Good, it should then be easy for VW to update all their cheating smog applications.

    --
    Table-ized A.I.
    1. Re:Drive-by fix by Anonymous Coward · · Score: 0

      The cheat wasn't about smog, it was about NOx. The smog-related emissions of the cheating cars are actually even lower in normal conditions use than when cheating during the test, because there is, to some degree, a tradeoff between NOx and the pollutants that contribute to smog (particulates and hydrocarbons).

  6. Can someone hack the Dodge Charger next? by burhop · · Score: 4, Funny

    My key fob broke and Dodge wants several hundred dollars to replace it with a new one.

    Plus, it would be way cooler to walk around with a Raspberry Pi on my keychain that opens my car, everyone else car, and turns down the radio of the car parked next to me at a red light.

    1. Re:Can someone hack the Dodge Charger next? by phorm · · Score: 1

      Pi might be a bit inconvenient for that. How about a smartphone app?

    2. Re:Can someone hack the Dodge Charger next? by quenda · · Score: 1

      My key fob broke and Dodge wants several hundred dollars to replace it with a new one.

      So you car still starts, but no keyless entry?
      You should be able to get cheap generic fobs and receiver, and wire it to the unlock button inside your car.

    3. Re:Can someone hack the Dodge Charger next? by burhop · · Score: 1

      My key fob broke and Dodge wants several hundred dollars to replace it with a new one.

      So you car still starts, but no keyless entry?
      You should be able to get cheap generic fobs and receiver, and wire it to the unlock button inside your car.

      Weekend project! Whoo hooo!

  7. Partially Expected by EndlessNameless · · Score: 5, Insightful

    So in 1995, we also saw SHA1 formally accepted as a standard. And SHA1 is now considered to weak to be secure against well-funded attackers.

    The standard VW used had to be developed prior to 1995 if it was in production for the 1995 model year, so it's not surprising that it is more vulnerable. Compute capabilities have grown quite a bit.

    The only real problem I see is that VW is still using 90s-era crypto in modern vehicles. I'm not surprised by this, and I'd be shocked if they were the only ones---but it is still a problem.

    Cars with remote start and smartphone integration really need to have software support and upgrades over their anticipated lifespan. Sorry if it's a hassle, but cars are IT devices now.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    1. Re:Partially Expected by EndlessNameless · · Score: 1

      *too weak

      Dammit.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    2. Re:Partially Expected by Anonymous Coward · · Score: 0


      The only real problem I see is that VW is still using 90s-era crypto in modern vehicles.

      This is just nonsense. There hasn't been a massive revolution in cryptography since the 1990s. This isn't just a matter of simple failed cryptographic algorithms, it's highly likely this is an uttery failed implementation.

      Cryptography relies on the secrecy of certain keys. If you can find the key, you can break the crypto. From the article, VW used two secrets. One stored somewhere within the car, that apparently is always the same across models for 20+ years. The second one is in the FOB, and apparently of low enough entropy that it can be simply brute forced after observing a set number of car open/close events.

      The problem is obviously that VW had the one secret for the past 20 years. If they had used thousands of different secrets, then it'd take a much larger effort to try to get all those secrets. Better yet, have a different secret stored in each car.

    3. Re:Partially Expected by Anonymous Coward · · Score: 1

      Cars with remote start and smartphone integration really need to have software support and upgrades over their anticipated lifespan. Sorry if it's a hassle, but cars are IT devices now.

      Like our phones, you mean?

    4. Re:Partially Expected by Hylandr · · Score: 1

      Compute capabilities have grown quite a bit.

      Is anyone missing their old 486DX4 100?

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    5. Re:Partially Expected by Hylandr · · Score: 1

      If you own a Dodge built around 2000+ then yes.

      And they used GPIO for most of it. Including the transmission shifting.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    6. Re:Partially Expected by armanox · · Score: 1

      Sometimes - much less bloat back in those days.

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
    7. Re:Partially Expected by Anonymous Coward · · Score: 0

      "And SHA1 is now considered to weak to be secure against well-funded attackers"

      Only for digital signatures. There's no known, or speculated, weakness for HMAC SHA1 or other similar uses of SHA1, such as in IPSEC.

    8. Re:Partially Expected by Anonymous Coward · · Score: 0

      On average, I probably think about my old 486 DX4 100 once a week. My life was far less complicated back then. -PCP

    9. Re:Partially Expected by Anonymous Coward · · Score: 0

      Compute capabilities have grown quite a bit.

      Is anyone missing their old 486DX4 100?

      No, I still have two.

  8. That's how hackers uploaded emission cheating by Anonymous Coward · · Score: 0

    I'm sure, that's how that emission cheating software got into all those cars ;-=

  9. Direct link to PDF of research paper by Anonymous Coward · · Score: 5, Informative

    The page at Wired requires tons of third-party Javascript and then tries to block ad blockers, so here's a link to the raw PDF:

    https://assets.documentcloud.org/documents/3010178/Volkswagen-amp-HiTag2-Keyless-Entry-System.pdf

    1. Re:Direct link to PDF of research paper by Anonymous Coward · · Score: 0

      Yeah, every time I go to Wired I remember that I am not supposed to go to Wired anymore. Hoping they will go broke.

  10. That's how hackers uploaded emission cheating by Anonymous Coward · · Score: 0

    I'm sure that's how that emission cheating software got into all those cars ;-)

  11. I can do the same thing with a ROCK by Anonymous Coward · · Score: 0

    Yeah its an interesting hack, but you can open any car with a rock to the window.

  12. My 17 year old golf... by Anonymous Coward · · Score: 0

    Is old enough they can have just about anything they want. Provided the smell of mildew isn't a deterrent :)

  13. Re:As always, the ASIAN cars are safest of all by Anonymous Coward · · Score: 1

    RTFA:

    The findings are to be presented at a security conference later this week and detail two different vulnerabilities...

    The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear....

    The second affects many more makes, "including Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg.

  14. This whole IoT, RF controlled... by Anonymous Coward · · Score: 1

    devices thing may be getting out of hand. Besides car entry and starting lack of security, we have Blue Tooth door locks that broadcast their pass code in plain text, thermostats that send info to their manufacturer about where householders may be or not be, "smart" TVs with audio pickup and maybe video being compromised so as to pass their data to who knows where, refrigerators sending personal info in the clear to where ever, and most recently Blue Tooth enabled vibrators sending usage information to its manufacturer. We're living a security and privacy nightmare.

    1. Re:This whole IoT, RF controlled... by Locke2005 · · Score: 1

      The Internet of Things. Turns out "Things" are a pretty gossipy bunch! Yes, most wireless-enabled front doorlocks are inherently insecure, I think the Kwikset was they only one they haven't found problems with... yet.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:This whole IoT, RF controlled... by Anonymous Coward · · Score: 1

      Yeah, but Kwiksets are trivial to pick mechanically. They only have 4 pins and you can bump the lock manually really easily. So adding secure electronics on top of that doesn't matter...

    3. Re:This whole IoT, RF controlled... by Anonymous Coward · · Score: 0

      Yeah, but Kwiksets are trivial to pick mechanically. They only have 4 pins and you can bump the lock manually really easily.

      Just because Kwiksets suck doesn't mean that all mechanical pin tumbler locks are poor. Ever tried to pick a Porsche back when they still used mechanical keys for entry and the ignition? Mechanical locks can be quite secure, but like fine quality Swiss watches, good ones are relatively expensive.

  15. Re:Volkswagen, again by Knuckx · · Score: 2

    Real Fords are unaffected; if you read the paper, the vulnerable model are the Ka Mk2 and onward, which are actually rebadged Fiat 500's.
    No Ford actually designed or engineered by Ford is in the list.

  16. That's what I was going to say. 2012 Dodge Charger by raymorris · · Score: 1

    I was going to say exactly that. I have one key fob for me Charger, but I lose things, so I expect I'll lose it at some point, or break it. I'd love to crack it first. I hate to spend several hundred dollars on a spare.

    I understand that slightly older Dodge vehicles can be hacked wirelessly through the infotainment system, but I don't think that hack applies to my car.

  17. Re:As always, the ASIAN cars are safest of all by Anonymous Coward · · Score: 0

    Those are japanese cars, not asian cars.

  18. This just in by holophrastic · · Score: 0

    keys can be copied. shocker. not new to electronic keys. not new to wireless keys. has there ever been a key that couldn't be copied?

    what "can" be done has never mattered. what "is" done is all that matters.

    if keys are copied and cars are stolen, it's not a problem for car makers -- just like if my pen gets stolen, it's not a problem for pen makers. That car makers include some kind of security feature in the form of a key is nice, but I don't think that key is even mentioned in the car's warranty.

    if cars are stolen, it's the problem of law enforcement, law creators, or your educational/economic systems. You ain't gonna resolve theft with security -- no one ever has.

    My old pens said: "This pen stolen from,,,". My new pens say: "If you don't shave your head, this isn't your pen."

    1. Re:This just in by Anonymous Coward · · Score: 0

      Thing is with a physical key is that it doesn't put itself on display for everybody within 50 feet every time it's used for them to see it and copy it.

    2. Re:This just in by boristdog · · Score: 1

      Yeah, I can still open my 2010 truck with a coat hanger, so I ain't to worried.

    3. Re:This just in by holophrastic · · Score: 2

      You're right. It's just sitting in my pocket, on my desk, in a bowl, for anyone to take at any time without my knowledge. Pick any movie from the '90s. I'll start. The Thomas Crown Affair.

      Keys aren't meant to keep people out. My house's front door is protected by a key -- only one key will fit the lock. And next to the door is a big glass window -- any key in the world will shatter that window..

      Keys, like most security, are meant to require an attacker to escalate their attacks -- so the 7 year-old down the street won't accidentally enter my house, and so the expert burglar needs to actually do something that's always illegal. See, opening the door to my house is legal under so many circumstances. But picking the lock is legal under so very few.

      The only security measure that's meant to keep people out is, and always has been, another person.

    4. Re:This just in by holophrastic · · Score: 1

      Good one. Let's crowdsource a list, shall we?

      Coat Hanger
      Slim Jim
      Air Bag
      from-inside-the-trunk
      a knife through the rag top convertible
      just plain forcing down the window with a glass-transport suction cup
      jumping into the open convertible on a nice day
      ten guys picking up a small car and carrying it away
      four guys picking up half a small car and dragging it away
      loading a small car into a large truck
      using any tow truck on any car
      a crow bar
      a window-breaker

      Yeah, it's the wireless that's the problem. Sure.

  19. Re:Volkswagen, again by Anonymous Coward · · Score: 0

    No Ford actually designed or engineered by Ford is in the list.

    Nobody wants one. They can be stripped down on the spot. All I need are some tail light covers and the light bulb for the rear license plate. You know what a nuisance those roadside "safety" inspections can be, well, if you're black.

  20. Re:Volkswagen, again by Anonymous Coward · · Score: 0

    You are a nasty wasty individual.

  21. Re:Volkswagen, again by Hylandr · · Score: 1

    This joke is older than the exploit.

    --
    ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
  22. Re:Volkswagen, again by Hylandr · · Score: 1

    I get pulled over for burned out lamps too. Must be cause I am white. :(

    --
    ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
  23. Re:As always, the ASIAN cars are safest of all by Anonymous Coward · · Score: 0

    You're not being serious are you?

  24. Re:Volkswagen, again by drinkypoo · · Score: 1

    All the affected Audis have Bosch PCMs, and the immobilizer is in the PCM itself on many of them including my 1997 A8, which has a later ME5 sadly and not a ME7.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  25. Re:Volkswagen, again by Anne+Thwacks · · Score: 2
    A couple of years ago (about 7 really) I got stopped for a faulty headlight bulb, just down the road from my home. Three cops standing round booking me. The owner of the copy shop by the side of the road come shout shouting "My shop is being robbed!"

    The cops continue booking me. The guys is screaming till he goes blue!

    --
    Sent from my ASR33 using ASCII
  26. i have an idea! by kaatochacha · · Score: 3, Insightful

    It's a shame someone hasn't invented a physical device that cannot be remotely skimmed, which the person could carry upon themselves and use with a physical interface to unlock the door. Perhaps a series of notches on some item that would inserted into the car?

    1. Re:i have an idea! by Anonymous Coward · · Score: 1

      But physical devices are too vulnerable. All someone needs to do is take a high-quality picture of the device, and it can then be copied and printed on a 3D printer in a matter of hours.

    2. Re:i have an idea! by Anonymous Coward · · Score: 0

      hey, i have one of those on my project car. It is very convenient as it also unlocks the parts car...errr, wait a second.....

      at least it doesn't broadcast the fact to the world.

    3. Re:i have an idea! by Anonymous Coward · · Score: 0

      Yeah, but what if someone uses one of those futuristic star trek inspired communicator ... to make a remote optical scan of your notched device, and then beam the information to the a machine that creates replicas of 3d objects.

      tl;dr: The future is now. Your door key isn't as safe as you think. Someone can take a pic of your with their cell and then 3d print your car key. (Sure, the key probably has a chip in it, but that's only checked for the ignition.)

    4. Re:i have an idea! by Anonymous Coward · · Score: 1

      (Sure, the key probably has a chip in it, but that's only checked for the ignition.)

      Actually, that's not true. My car (a 2004 Holden Commodore - a full sized general purpose everyday family car, for the non Australians) has a built in alarm that sounds if you open it with the physical key when it had been locked with the remote.
      It's probably its most annoying feature - since it also warns you via the same method if you lock the car with one of the doors open.

    5. Re:i have an idea! by Anonymous Coward · · Score: 0

      A picture alone probably wouldn't be accurate enough for a high quality pin tumbler lock. A wax impression probably would be, but that's a bit harder to get without the target knowing.

    6. Re:i have an idea! by Anonymous Coward · · Score: 0

      http://singularityhub.com/2011/06/29/your-keys-can-be-copied-from-a-picture-taken-200-feet-away/

    7. Re:i have an idea! by Anonymous Coward · · Score: 0

      That, as Rainer Wolfcastle would say, is the joke.

  27. Just turn off Javascript on Wired.com by Anonymous Coward · · Score: 0

    I have a little button on my browser that turns Javascript off/on, works great on Wired.

  28. easier way by Anonymous Coward · · Score: 0

    use a flatbed tow truck.

  29. So can a Rock by Anonymous Coward · · Score: 0

    We are only talking about the ability to unlock the car, there are several tools on the market which can open nearly any car in the $100 price range. Let alone the no tech solution of a rock to the window. Which wouldn't even set off any alarm unless you opened the door afterwards. We aren't talking the ability to steal the car, only unlock it.. Pretty irrelevant in my eyes.

  30. Re:Volkswagen, again by kaatochacha · · Score: 1

    If they fine you, money for the dept.
    If they stop a thief, no money for the dept.

  31. Typical that it'd be Brummies nicking cars by Anonymous Coward · · Score: 0

    When I was in school in the midlands we used to joke that we had lessons in how to steal cars; how ironic that academics in Brum are now using intelligence rather than the tool we used to employ: house bricks ;)

  32. Never buy German cars by Anonymous Coward · · Score: 0

    Let this be a lesson, never buy over-priced, cheating, expensive to repair, German lemon cars.

    1. Re:Never buy German cars by Anonymous Coward · · Score: 0

      I don't think a single car that fits that description exists, unless you consider Opel and Ford German. Besides, Alfa Romeo, Citroen, Fiat, Mitsubishi, Nissan and Peugeot are most definitely not German.

  33. Next thing you know hackers will control the brake by Anonymous Coward · · Score: 0

    Next thing you know the hackers will control the steering wheel. The next thing you know, the CIA will off people by driving their car into a tree at high speeds via wireless remote control over some CAN bus lines.

  34. VW making so many new friends! by Anonymous Coward · · Score: 0

    VW has always been a mechanic's best friend. Now it seems they are a thieves best friend too.

  35. Hello, I can see you!! by Anonymous Coward · · Score: 0

    This is all well and good (or bad depending) but my experience with my own VW golf is that the fob only works when I'm within 30 or 40 feet of the car. I'm thinking I'd be able to see someone lurking about with the hardware to snoop on the signal from the fob. Then what good will it do them because I'm going to jump in the car and drive it to somewhere else. Unless the snooper is targeting me and knows my habits, for example snoop the fob signal when I'm on my own drive so they know I'll be back later, then they have no reason to thing that they will randomly come across me again. If they are deliberately targeting me then I've got more problems than I thought. Even then if I unlock my car on my drive I'm likely to see someone close enough to intercept the signal and be suspicious.