A flaw affects tens of millions of Volkswagen vehicles

Volkswagen, Audi, Seat, Skoda, any brand of the Volkswagen group would present a breach in the contactless key system of most models in circulation since 1995. A revelation made by British researchers from the University of Birmingham and German engineers of the company Kasper & Oswald during the Usenix Security conference held in Austin until August 12. Their article is available online.

Using reverse engineering techniques, the authors found that some internal components of the device contained an encryption key that varies only according to the years and models. Our researchers have found that four variants for 100 million vehicles.

One can easily clone contactless key

Once we have this key, it remains only to intercept the radio signal sent when the owner presses the button without contact, because it includes a signature to each vehicle. To do this, no need for a sophisticated radar. A simple Arduino board to 40 dollars, equipped with a radio receiver and connected to a laptop enough. Provided be within 90 meters of the target vehicle. Armed with these two parameters, it is possible to clone the contactless keys to lock and unlock doors to leisure automobiles.

Adding however that recent models would not be affected by this vulnerability because they behave unique encryption keys.

Another flaw touch, this time-the Alfa Romeo, Citroen, Dacia, Fiat, Ford, Lancia, Mitsubishi, Nissan, Opel, Peugeot and Renault. Less obvious, however, that Volkswagen, it relates to an encryption program called HiTag2 old decades but still used by millions of vehicles.

Read more on BFM Tech

If vehicle manufacturers had to pay the owners following a car theft, rather than assurances that ask too often evidence of physical tampering, I think that these manufacturers would do anything to better secure cars, such as prevent that ‘they will unlock when the owner is 10 meters from it, 50 cm is sufficient.