Do you remember when cars could only be opened by using a key? Not an electronic key fob that allows you to simply push a button, but a key that was similar to the one you use to open the door of your home. With the information that’s been revealed by a research team from the University of Birmingham in a collaboration with the German engineering firm of Kasper & Oswald over 100 million Volkswagen models can be hacked into with a device that costs no more than $40 for all the parts.
This new which has been revealed at the Usenix Security Conference confirms the ease of capturing the rolling codes that are used in electronic key fobs. What’s worse is the fact that for all the Volkswagen models affected there are only four rolling codes meaning once one is captured the key fob created could essential open millions of VW models easily. Using a component of the internal network this device can capture a cryptographic key which can be transferred to the hardware which captures the second key from the fob that is unique to that vehicle. This combination of keys is all that’s needed to gain access to a car and the device only needs to be within 300 feet of the vehicle to make the transition.
Thankfully, VW has already received this information and has begun to update its systems to keep this from happening in the future. The MK7 Golf is a vehicle that’s currently invulnerable to this hacking. It seems that with all the turmoil that’s surrounded Volkswagen over the past twelve months this was simply one bit of information they didn’t need, but the reality is the VW models aren’t even the easiest to hack and gain access to.
The team worked together to make similar hacks to other models of vehicles and found that it’s even easier to gain access to millions of Chevrolet, Ford, Mitsubishi, Nissan and other brand models. This alone should serve as a serious warning to the automotive industry that they need to do something about these hacks that can happen to their vehicles. It’s becoming more and more important to upgrade the security and increase the level of difficulty involved in actually being able to access a vehicle. Once a thief has access, especially electronically, they can take the vehicle easily and $40 isn’t much of an investment when compared to the return of several vehicles that can be stolen.
If nothing else, this should serve as a huge warning that we’ve gotten ahead of ourselves with technology. The simple reality is that it might be much more difficult for a thief to pick a lock, use a “slim jim” device or even physically break into a car than to hack the electronic system and drive off in the vehicle. The physical break in would serve as a sign to others around that something is wrong as well whereas the thief using the electronic device wouldn’t give off the appearance of tampering with the vehicle.