A New Wireless Hack Can Unlock Almost Every Volkswagen Sold Since 1995 (arstechnica.com) 115
Volkswagen isn't having the best of times. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years are vulnerable to theft because keyless entry systems can be hacked using cheap technical devices, reports Wired (alternate source). Security experts of the University of Birmingham were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars. ArsTechnica reports: The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob -- obtained with a little electronic eavesdropping, say -- you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg (writer at Wired) notes that the company uses a number of different shared values, stored on different components. The second affects many more makes, "including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute.
Re:New tech defeats old tech (Score:4, Informative)
Keyword: since
Re: (Score:2)
Right. Why should we believe that the wireless hack is new if the car it opens "since" 1995 is not...
It is more likely that if a key exists to open doors for twenty years that it is not new. Its probably twenty years old.
The only thing new here is the clue to the clueless.
Re: (Score:2)
Also, this is new tech defeating stupid implementations.
Re: New tech defeats old tech (Score:1)
Well, I'm in the clear. (Score:2)
I only have one keyfob and it isn't actually paired with the car anyways - I have to open it old-school.
Re: (Score:2)
I have a toddler that LOVES to push the panic button on the Ford's remote. Nah, about the only thing I'm really missing is opening the trunk without going to the drivers side door first, or opening the rear passenger door to shove the toddler into his seat first. Guess with time they decided you only need one keyhole on the outside of the car.
this is why (Score:2)
You never buy a car with power windows.... every convenience is either an attack surface and/or a money sink when it needs to be repaired.
Re: (Score:2)
power windows and power door locks are a GOOD SAFETY FEATURE.
ever drive thru a bad area?
then you'll understand.
Re: (Score:2)
power windows and power door locks are a GOOD SAFETY FEATURE.
ever drive thru a bad area?
then you'll understand.
As long as it makes you feel better, I suppose. I used to live in bad areas. You do realize that the sound of those lock actuators are very audible outside the car too, right?
At best, it'll make a bunch of people laugh at you. I've seen guys go up and punch the side window out of people cars when they lock them just for fun. And that window, or even the door panel isn't going to stop a bullet, no matter how many times you've seen it do so on TV or in the movies.
Either lock your doors when you get in your
Re: (Score:3, Insightful)
let them punch my windows. in my whole life, I've never seen a FIST break a window. I think you are full of shit, my friend.
Re: (Score:2)
I dunno, I've seen a cop tear a window out with his bare hands. Look on youtube at "Man refuses to give license, gets tazed" uploaded by instajustice, at 2:13. Crazy.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
All it takes is a ring with a point on it.
Re: (Score:3)
By the time they manage to break through the safety glass my legally owned and operated handgun will be at the ready, so it doesn't really matter, though I agree he is full of shit.
Re: (Score:3)
Re: (Score:2)
Re: (Score:1)
By the time they manage to break through the safety glass my legally owned and operated handgun will be at the ready, so it doesn't really matter,
This was just stupid teenage kid stuff. They'd run up and punch the window and run away. They didn't always break. The idea was to scare the hell out of the driver. Most of the time the person in the car ran the red light to get out of there.
Just what do you think is going to happen if you shoot some kid in the ghetto who's pulling a prank? You're either going to go to jail for a very long time or get yourself killed.
I can't say I've really looked into it, but I'd guess it would have been easier to brea
Re: (Score:1)
let them punch my windows. in my whole life, I've never seen a FIST break a window.
In my whole life, I've never seen an atom either or Antarctica for that matter. I'm pretty sure they exist.
Obviously we grew up in much different places. Your parents probably didn't encourage you to fight either. Many of my friends parents did when I was younger. Mine didn't actively encourage it, but they didn't discourage it either.
I think you are full of shit, my friend
Yes, obviously you must know all and see all.
Re: (Score:2)
Luckily most of us come from countries where a "bad area" means that somebody *might* try opening your door to steal a bag on the passenger seat, not start firing bullets at you.
Re: (Score:2)
In my country, that happens in the "good" areas!
Re: (Score:2)
Re: (Score:2, Informative)
In the U.S., cars will unlock with the mechanical motion of pulling the handle from the inside or must have the ability to be unlocked mechanically without electrical power. It's an NHTSA requirement for safety.
Re: (Score:3)
In the U.S., cars will unlock with the mechanical motion of pulling the handle from the inside or must have the ability to be unlocked mechanically without electrical power. It's an NHTSA requirement for safety.
Have you ever tried opening a car door under water with the windows shut?
Re: (Score:3, Funny)
Yes, I test this weekly just to be safe.
Re:this is why (Score:4, Informative)
Well, you can do the ObMythbusters who tested exactly that and found... it still works great, even after being submerged for 45 minutes.
Or you can realize that it's pretty waterproof as it is, otherwise they'd short out in a moderate rainstorm - battery being in the engine compartment and getting wet, and the doors getting water inside of them too.
No, what really prevents the windows from opening is water pressure - and even a manual crank is too weak to open a window in a fully submerged car.
Re: (Score:2)
That's why you have combination hammer/seatbelt cutter [amazon.com] readily available.
Re: (Score:3)
It depends on the make model mine is like $200 a door for the motor and assembly then $30 for the switch... then you have to drill out all the pop rivets if it's never been changed before and good luck installing the new motor and assembly hope you have tiny hands... sound like a crappy Saturday to me...
Re: (Score:2)
This is why I keep Donald Trump on speed dial. $230 is pocket litter, and his tiny hands can fit down into the innards of the car door.
Re: (Score:1)
I have a Luddite coworker who shares your mistaken belief that power windows are some kind of problem. Regular windows fail too, and replacing a power window drive system is inexpensive and easy.
I think the only failure I've ever had with manual windows is for the $.50 spring clip that holds the crank on gets lost after removing it to fix something else. Power window regulators typically run $100+. I've replaced too many of those to count over the years. Plus the time it takes to do so. I've also had to replace the switches in the passengers doors on occasion, which were relatively cheap. But the two times I've had to replace the drivers side it's the entire switch cluster. That was around $200 eac
Drive-by fix (Score:2)
Good, it should then be easy for VW to update all their cheating smog applications.
Can someone hack the Dodge Charger next? (Score:4, Funny)
My key fob broke and Dodge wants several hundred dollars to replace it with a new one.
Plus, it would be way cooler to walk around with a Raspberry Pi on my keychain that opens my car, everyone else car, and turns down the radio of the car parked next to me at a red light.
Re: (Score:1)
Pi might be a bit inconvenient for that. How about a smartphone app?
That's what I was going to say. 2012 Dodge Charger (Score:2)
I was going to say exactly that. I have one key fob for me Charger, but I lose things, so I expect I'll lose it at some point, or break it. I'd love to crack it first. I hate to spend several hundred dollars on a spare.
I understand that slightly older Dodge vehicles can be hacked wirelessly through the infotainment system, but I don't think that hack applies to my car.
Re: (Score:2)
My key fob broke and Dodge wants several hundred dollars to replace it with a new one.
So you car still starts, but no keyless entry?
You should be able to get cheap generic fobs and receiver, and wire it to the unlock button inside your car.
Re: (Score:1)
My key fob broke and Dodge wants several hundred dollars to replace it with a new one.
So you car still starts, but no keyless entry?
You should be able to get cheap generic fobs and receiver, and wire it to the unlock button inside your car.
Weekend project! Whoo hooo!
Partially Expected (Score:5, Insightful)
So in 1995, we also saw SHA1 formally accepted as a standard. And SHA1 is now considered to weak to be secure against well-funded attackers.
The standard VW used had to be developed prior to 1995 if it was in production for the 1995 model year, so it's not surprising that it is more vulnerable. Compute capabilities have grown quite a bit.
The only real problem I see is that VW is still using 90s-era crypto in modern vehicles. I'm not surprised by this, and I'd be shocked if they were the only ones---but it is still a problem.
Cars with remote start and smartphone integration really need to have software support and upgrades over their anticipated lifespan. Sorry if it's a hassle, but cars are IT devices now.
Re: (Score:2)
*too weak
Dammit.
Re: (Score:1)
Cars with remote start and smartphone integration really need to have software support and upgrades over their anticipated lifespan. Sorry if it's a hassle, but cars are IT devices now.
Like our phones, you mean?
Re: (Score:2)
If you own a Dodge built around 2000+ then yes.
And they used GPIO for most of it. Including the transmission shifting.
Re: (Score:2)
Compute capabilities have grown quite a bit.
Is anyone missing their old 486DX4 100?
Re: (Score:2)
Sometimes - much less bloat back in those days.
Direct link to PDF of research paper (Score:5, Informative)
The page at Wired requires tons of third-party Javascript and then tries to block ad blockers, so here's a link to the raw PDF:
https://assets.documentcloud.org/documents/3010178/Volkswagen-amp-HiTag2-Keyless-Entry-System.pdf [documentcloud.org]
This whole IoT, RF controlled... (Score:1)
Re: (Score:2)
Re: (Score:1)
Yeah, but Kwiksets are trivial to pick mechanically. They only have 4 pins and you can bump the lock manually really easily. So adding secure electronics on top of that doesn't matter...
This just in (Score:1)
keys can be copied. shocker. not new to electronic keys. not new to wireless keys. has there ever been a key that couldn't be copied?
what "can" be done has never mattered. what "is" done is all that matters.
if keys are copied and cars are stolen, it's not a problem for car makers -- just like if my pen gets stolen, it's not a problem for pen makers. That car makers include some kind of security feature in the form of a key is nice, but I don't think that key is even mentioned in the car's warranty.
if
Re: (Score:3)
You're right. It's just sitting in my pocket, on my desk, in a bowl, for anyone to take at any time without my knowledge. Pick any movie from the '90s. I'll start. The Thomas Crown Affair.
Keys aren't meant to keep people out. My house's front door is protected by a key -- only one key will fit the lock. And next to the door is a big glass window -- any key in the world will shatter that window..
Keys, like most security, are meant to require an attacker to escalate their attacks -- so the 7 year-old do
Re: (Score:2)
Yeah, I can still open my 2010 truck with a coat hanger, so I ain't to worried.
Re: (Score:2)
Good one. Let's crowdsource a list, shall we?
Coat Hanger
Slim Jim
Air Bag
from-inside-the-trunk
a knife through the rag top convertible
just plain forcing down the window with a glass-transport suction cup
jumping into the open convertible on a nice day
ten guys picking up a small car and carrying it away
four guys picking up half a small car and dragging it away
loading a small car into a large truck
using any tow truck on any car
a crow bar
a window-breaker
Yeah, it's the wireless that's the problem. Sure.
i have an idea! (Score:4, Insightful)
It's a shame someone hasn't invented a physical device that cannot be remotely skimmed, which the person could carry upon themselves and use with a physical interface to unlock the door. Perhaps a series of notches on some item that would inserted into the car?
Re: (Score:1)
But physical devices are too vulnerable. All someone needs to do is take a high-quality picture of the device, and it can then be copied and printed on a 3D printer in a matter of hours.
Re: (Score:1)
(Sure, the key probably has a chip in it, but that's only checked for the ignition.)
Actually, that's not true. My car (a 2004 Holden Commodore - a full sized general purpose everyday family car, for the non Australians) has a built in alarm that sounds if you open it with the physical key when it had been locked with the remote.
It's probably its most annoying feature - since it also warns you via the same method if you lock the car with one of the doors open.
Re: (Score:3)
If you even read the summary, you'll see that it's VW, Alfa, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.
Re: (Score:2)
This joke is older than the exploit.
Re: (Score:2)
Real Fords are unaffected; if you read the paper, the vulnerable model are the Ka Mk2 and onward, which are actually rebadged Fiat 500's.
No Ford actually designed or engineered by Ford is in the list.
Re: (Score:2)
I get pulled over for burned out lamps too. Must be cause I am white. :(
Re: (Score:3)
The cops continue booking me. The guys is screaming till he goes blue!
Re: (Score:2)
If they fine you, money for the dept.
If they stop a thief, no money for the dept.
Re: (Score:2)
All the affected Audis have Bosch PCMs, and the immobilizer is in the PCM itself on many of them including my 1997 A8, which has a later ME5 sadly and not a ME7.
Re: (Score:1)
RTFA:
The findings are to be presented at a security conference later this week and detail two different vulnerabilities...
The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear....
The second affects many more makes, "including Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg.