Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Transportation Wireless Networking

A New Wireless Hack Can Unlock Almost Every Volkswagen Sold Since 1995 (arstechnica.com) 115

Volkswagen isn't having the best of times. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years are vulnerable to theft because keyless entry systems can be hacked using cheap technical devices, reports Wired (alternate source). Security experts of the University of Birmingham were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars. ArsTechnica reports: The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob -- obtained with a little electronic eavesdropping, say -- you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg (writer at Wired) notes that the company uses a number of different shared values, stored on different components. The second affects many more makes, "including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute.
This discussion has been archived. No new comments can be posted.

A New Wireless Hack Can Unlock Almost Every Volkswagen Sold Since 1995

Comments Filter:
  • I only have one keyfob and it isn't actually paired with the car anyways - I have to open it old-school.

  • You never buy a car with power windows.... every convenience is either an attack surface and/or a money sink when it needs to be repaired.

    • power windows and power door locks are a GOOD SAFETY FEATURE.

      ever drive thru a bad area?

      then you'll understand.

      • power windows and power door locks are a GOOD SAFETY FEATURE.

        ever drive thru a bad area?

        then you'll understand.

        As long as it makes you feel better, I suppose. I used to live in bad areas. You do realize that the sound of those lock actuators are very audible outside the car too, right?

        At best, it'll make a bunch of people laugh at you. I've seen guys go up and punch the side window out of people cars when they lock them just for fun. And that window, or even the door panel isn't going to stop a bullet, no matter how many times you've seen it do so on TV or in the movies.

        Either lock your doors when you get in your

        • Re: (Score:3, Insightful)

          let them punch my windows. in my whole life, I've never seen a FIST break a window. I think you are full of shit, my friend.

          • by rgbscan ( 321794 )

            I dunno, I've seen a cop tear a window out with his bare hands. Look on youtube at "Man refuses to give license, gets tazed" uploaded by instajustice, at 2:13. Crazy.

          • You don't get out much do you? http://www.dailymail.co.uk/new... [dailymail.co.uk]
          • by sjames ( 1099 )

            All it takes is a ring with a point on it.

          • By the time they manage to break through the safety glass my legally owned and operated handgun will be at the ready, so it doesn't really matter, though I agree he is full of shit.

            • Check out the 30(21) foot rule of fighting one day. Might make you think twice about how safe you are with that handgun. "Originating from research by Salt Lake City trainer Dennis Tueller "rule" states that in the time it takes the average officer to recognize a threat, draw his sidearm and fire 2 rounds at center mass, an average subject charging at the officer with a knife or other cutting or stabbing weapon can cover a distance of 21 ... Edged Weapon Defense: Is or was the 21-foot Rule Valid?" Said
            • By the time they manage to break through the safety glass my legally owned and operated handgun will be at the ready, so it doesn't really matter,

              This was just stupid teenage kid stuff. They'd run up and punch the window and run away. They didn't always break. The idea was to scare the hell out of the driver. Most of the time the person in the car ran the red light to get out of there.

              Just what do you think is going to happen if you shoot some kid in the ghetto who's pulling a prank? You're either going to go to jail for a very long time or get yourself killed.

              I can't say I've really looked into it, but I'd guess it would have been easier to brea

          • let them punch my windows. in my whole life, I've never seen a FIST break a window.

            In my whole life, I've never seen an atom either or Antarctica for that matter. I'm pretty sure they exist.

            Obviously we grew up in much different places. Your parents probably didn't encourage you to fight either. Many of my friends parents did when I was younger. Mine didn't actively encourage it, but they didn't discourage it either.

            I think you are full of shit, my friend

            Yes, obviously you must know all and see all.

        • Luckily most of us come from countries where a "bad area" means that somebody *might* try opening your door to steal a bag on the passenger seat, not start firing bullets at you.

      • Yeah, power windows and locks are great, until you drive into water, short out the electrical system, and are trapped inside the car. Rule of thumb: EVERY automatic system should have a manual backup! (To BMW's credit, their electric sunroof comes with a crank handle that can be used to close the sunroof when the electric motor fails. Not sure how many other manufacturers do this.)
        • Re: (Score:2, Informative)

          by Anonymous Coward

          In the U.S., cars will unlock with the mechanical motion of pulling the handle from the inside or must have the ability to be unlocked mechanically without electrical power. It's an NHTSA requirement for safety.

          • In the U.S., cars will unlock with the mechanical motion of pulling the handle from the inside or must have the ability to be unlocked mechanically without electrical power. It's an NHTSA requirement for safety.

            Have you ever tried opening a car door under water with the windows shut?

            • Re: (Score:3, Funny)

              by Anonymous Coward

              Yes, I test this weekly just to be safe.

        • Re:this is why (Score:4, Informative)

          by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Thursday August 11, 2016 @02:24PM (#52686055)

          Yeah, power windows and locks are great, until you drive into water, short out the electrical system, and are trapped inside the car. Rule of thumb: EVERY automatic system should have a manual backup! (To BMW's credit, their electric sunroof comes with a crank handle that can be used to close the sunroof when the electric motor fails. Not sure how many other manufacturers do this.)

          Well, you can do the ObMythbusters who tested exactly that and found... it still works great, even after being submerged for 45 minutes.

          Or you can realize that it's pretty waterproof as it is, otherwise they'd short out in a moderate rainstorm - battery being in the engine compartment and getting wet, and the doors getting water inside of them too.

          No, what really prevents the windows from opening is water pressure - and even a manual crank is too weak to open a window in a fully submerged car.

        • Yeah, power windows and locks are great, until you drive into water, short out the electrical system, and are trapped inside the car.

          That's why you have combination hammer/seatbelt cutter [amazon.com] readily available.

  • Good, it should then be easy for VW to update all their cheating smog applications.

  • by burhop ( 2883223 ) on Thursday August 11, 2016 @01:26PM (#52685637)

    My key fob broke and Dodge wants several hundred dollars to replace it with a new one.

    Plus, it would be way cooler to walk around with a Raspberry Pi on my keychain that opens my car, everyone else car, and turns down the radio of the car parked next to me at a red light.

    • by phorm ( 591458 )

      Pi might be a bit inconvenient for that. How about a smartphone app?

    • I was going to say exactly that. I have one key fob for me Charger, but I lose things, so I expect I'll lose it at some point, or break it. I'd love to crack it first. I hate to spend several hundred dollars on a spare.

      I understand that slightly older Dodge vehicles can be hacked wirelessly through the infotainment system, but I don't think that hack applies to my car.

    • by quenda ( 644621 )

      My key fob broke and Dodge wants several hundred dollars to replace it with a new one.

      So you car still starts, but no keyless entry?
      You should be able to get cheap generic fobs and receiver, and wire it to the unlock button inside your car.

      • by burhop ( 2883223 )

        My key fob broke and Dodge wants several hundred dollars to replace it with a new one.

        So you car still starts, but no keyless entry?
        You should be able to get cheap generic fobs and receiver, and wire it to the unlock button inside your car.

        Weekend project! Whoo hooo!

  • Partially Expected (Score:5, Insightful)

    by EndlessNameless ( 673105 ) on Thursday August 11, 2016 @01:31PM (#52685671)

    So in 1995, we also saw SHA1 formally accepted as a standard. And SHA1 is now considered to weak to be secure against well-funded attackers.

    The standard VW used had to be developed prior to 1995 if it was in production for the 1995 model year, so it's not surprising that it is more vulnerable. Compute capabilities have grown quite a bit.

    The only real problem I see is that VW is still using 90s-era crypto in modern vehicles. I'm not surprised by this, and I'd be shocked if they were the only ones---but it is still a problem.

    Cars with remote start and smartphone integration really need to have software support and upgrades over their anticipated lifespan. Sorry if it's a hassle, but cars are IT devices now.

    • *too weak

      Dammit.

    • by Anonymous Coward

      Cars with remote start and smartphone integration really need to have software support and upgrades over their anticipated lifespan. Sorry if it's a hassle, but cars are IT devices now.

      Like our phones, you mean?

      • by Hylandr ( 813770 )

        If you own a Dodge built around 2000+ then yes.

        And they used GPIO for most of it. Including the transmission shifting.

    • by Hylandr ( 813770 )

      Compute capabilities have grown quite a bit.

      Is anyone missing their old 486DX4 100?

  • by Anonymous Coward on Thursday August 11, 2016 @01:36PM (#52685699)

    The page at Wired requires tons of third-party Javascript and then tries to block ad blockers, so here's a link to the raw PDF:

    https://assets.documentcloud.org/documents/3010178/Volkswagen-amp-HiTag2-Keyless-Entry-System.pdf [documentcloud.org]

  • by Anonymous Coward
    devices thing may be getting out of hand. Besides car entry and starting lack of security, we have Blue Tooth door locks that broadcast their pass code in plain text, thermostats that send info to their manufacturer about where householders may be or not be, "smart" TVs with audio pickup and maybe video being compromised so as to pass their data to who knows where, refrigerators sending personal info in the clear to where ever, and most recently Blue Tooth enabled vibrators sending usage information to its
    • The Internet of Things. Turns out "Things" are a pretty gossipy bunch! Yes, most wireless-enabled front doorlocks are inherently insecure, I think the Kwikset was they only one they haven't found problems with... yet.
      • by Anonymous Coward

        Yeah, but Kwiksets are trivial to pick mechanically. They only have 4 pins and you can bump the lock manually really easily. So adding secure electronics on top of that doesn't matter...

  • keys can be copied. shocker. not new to electronic keys. not new to wireless keys. has there ever been a key that couldn't be copied?

    what "can" be done has never mattered. what "is" done is all that matters.

    if keys are copied and cars are stolen, it's not a problem for car makers -- just like if my pen gets stolen, it's not a problem for pen makers. That car makers include some kind of security feature in the form of a key is nice, but I don't think that key is even mentioned in the car's warranty.

    if

    • Yeah, I can still open my 2010 truck with a coat hanger, so I ain't to worried.

      • Good one. Let's crowdsource a list, shall we?

        Coat Hanger
        Slim Jim
        Air Bag
        from-inside-the-trunk
        a knife through the rag top convertible
        just plain forcing down the window with a glass-transport suction cup
        jumping into the open convertible on a nice day
        ten guys picking up a small car and carrying it away
        four guys picking up half a small car and dragging it away
        loading a small car into a large truck
        using any tow truck on any car
        a crow bar
        a window-breaker

        Yeah, it's the wireless that's the problem. Sure.

  • i have an idea! (Score:4, Insightful)

    by kaatochacha ( 651922 ) on Thursday August 11, 2016 @03:28PM (#52686439)

    It's a shame someone hasn't invented a physical device that cannot be remotely skimmed, which the person could carry upon themselves and use with a physical interface to unlock the door. Perhaps a series of notches on some item that would inserted into the car?

    • by Anonymous Coward

      But physical devices are too vulnerable. All someone needs to do is take a high-quality picture of the device, and it can then be copied and printed on a 3D printer in a matter of hours.

You know you've landed gear-up when it takes full power to taxi.

Working...