Slashdot Mirror
A New Wireless Hack Can Unlock Almost Every Volkswagen Sold Since 1995 (arstechnica.com)
Volkswagen isn't having the best of times. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years are vulnerable to theft because keyless entry systems can be hacked using cheap technical devices, reports Wired (alternate source). Security experts of the University of Birmingham were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars. ArsTechnica reports: The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob -- obtained with a little electronic eavesdropping, say -- you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg (writer at Wired) notes that the company uses a number of different shared values, stored on different components. The second affects many more makes, "including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute.
Keyword: since
My key fob broke and Dodge wants several hundred dollars to replace it with a new one.
Plus, it would be way cooler to walk around with a Raspberry Pi on my keychain that opens my car, everyone else car, and turns down the radio of the car parked next to me at a red light.
So in 1995, we also saw SHA1 formally accepted as a standard. And SHA1 is now considered to weak to be secure against well-funded attackers.
The standard VW used had to be developed prior to 1995 if it was in production for the 1995 model year, so it's not surprising that it is more vulnerable. Compute capabilities have grown quite a bit.
The only real problem I see is that VW is still using 90s-era crypto in modern vehicles. I'm not surprised by this, and I'd be shocked if they were the only ones---but it is still a problem.
Cars with remote start and smartphone integration really need to have software support and upgrades over their anticipated lifespan. Sorry if it's a hassle, but cars are IT devices now.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
The page at Wired requires tons of third-party Javascript and then tries to block ad blockers, so here's a link to the raw PDF:
https://assets.documentcloud.org/documents/3010178/Volkswagen-amp-HiTag2-Keyless-Entry-System.pdf
Well, you can do the ObMythbusters who tested exactly that and found... it still works great, even after being submerged for 45 minutes.
Or you can realize that it's pretty waterproof as it is, otherwise they'd short out in a moderate rainstorm - battery being in the engine compartment and getting wet, and the doors getting water inside of them too.
No, what really prevents the windows from opening is water pressure - and even a manual crank is too weak to open a window in a fully submerged car.
It's a shame someone hasn't invented a physical device that cannot be remotely skimmed, which the person could carry upon themselves and use with a physical interface to unlock the door. Perhaps a series of notches on some item that would inserted into the car?
Yes, I test this weekly just to be safe.