As reported by MailOnline:
Hackers reveal flaw in over 100 cars kept secret by Volkswagen for TWO YEARS: Bug can be used to unlock everything from a Kia to a Lamborghini
Researchers have revealed a massive flaw in the remote controls used by hundreds of cars – and say Volkswagen and other manufacturers went to court two years ago to keep their discovery a secret.
Three European computer scientists say they have known about the flaws since 2012, and warned automakers.
The list of impacted cars includes luxury vehicles from Volkswagen’s Porsche, Audi, Bentley, and Lamborghini brands.
The affected component, the Megamos Crypto transponder, is used in keys and car fobs and is designed to stop an engine from starting if it is not in close proximity to the vehicle.
The transponder includes a 96-bit secret key, proprietary cipher, and 32-bit PIN code, but the researchers realised that its internal security was weaker than those figures suggest.
‘The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilisers,’ the researchers write.
‘It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars.
‘At some point the mechanical key was removed from the vehicle but the cryptographic mechanisms were not strengthened to compensate.
‘We want to emphasise that it is important for the automotive industry to migrate from weak proprietary ciphers like this to community-reviewed ciphers … and use it according to the guidelines.’
One of the researchers, Flavio D. Garcia of the University of Birmingham, said: ‘It’s a bit like if your password was “password”.’
A hacker could potentially become a valet driver and steal a fleet of cars, or steal a rental long after returning it using the flaw, it is believed.
The flaw was discovered by Garcia, as well as Barış Ege and Roel Verdult of the Radboud University Nijmegen in the Netherlands.
The list of affected cars included several models made by Audi, Fiat, Honda, Kia, Volkswagen, Volvo and many others, which all rely on chips made by EM Microelectronic in Switzerland.
Volkswagen told MailOnline: ‘Volkswagen has an interest in protecting the security of its products and its customers.
‘In this connection Volkswagen does not make available information that might enable unauthorised individuals to gain access to its vehicles.
‘In all aspects of vehicle security, be this mechanical or electronic, Volkswagen goes to great lengths to ensure the security and integrity of its products against external malicious attack.’
HOW DOES THE HACK WORK?
The hack attacks a component known as the Megamos Crypto transponder – a tiny device in the car that checks whether the owner’s key fob is nearby before allowing the engine to start.
The transponder ‘talks’ to the keyfob wirelessly to check its identity – and if it can’t find the correct fob, it immobilises the engine.
In theory that identity has a 96-bit key, meaning there are countless billions of possible combinations and making it all but impossible to happen upon the right one by chance.
But the hackers discovered that by listening in to the wireless communication between the car and the transponder just twice, they could narrow the number of possible combinations to just 200,000.
That may still sound like a lot, but it’s few enough for an automated ‘cracking’ programme to try every one, allowing it to find the right combination in just half an hour.
And once you’ve found the right combination, it’s child’s play for the hackers to make a fake key that will be recognised by the car as the real deal.