SafeUM
Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
12 Aug 2016

Car thieves can unlock 100 million Volkswagens with a simple wireless hack

The next time you leave your car in a parking lot, make sure you don't leave your valuables in it, especially if it's a Volkswagen. What's more worrisome? The new attack applies to practically every car Volkswagen has sold since 1995.

There are two distinct vulnerabilities present in almost every car sold by Volkswagen group after 1995, including models from Audi, Skoda, Fiat, Citroen, Ford and Peugeot.

Computer scientists from the University of Birmingham and the German engineering firm Kasper & Oswald plan to present their research [PDF] later this week at the Usenix security conference in Austin, Texas.

Attack 1 — Using Arduino-based RF Transceiver (Cost $40)!

The first attack can be carried out using a cheap radio device that can be made for just $40 with a small control board and a radio receiver, but is capable of eavesdropping and recording the rolling code values used by keyless entry systems.

The code values are included in the signal sent every time a driver presses one of the key fob's buttons, and are then used together to emulate a key that is unique to every vehicle. The researchers then managed to reverse engineer one component inside a Volkswagen's network and were able to extract a cryptographic key that is shared among millions of Volkswagen vehicles.

Now, combining the two supposedly secret keys, the researchers were able to clone the key fob and gain access to the car. "With the knowledge of these keys, an adversary only has to eavesdrop a single signal from a target remote control," the researchers wrote in their paper. "Afterwards, he can decrypt this signal, obtain the current UID and counter value, and create a clone of the original remote control to lock or unlock any door of the target vehicle an arbitrary number of times."

The team did not reveal the components they used to extract the keys, to prevent potential car hackers from exploiting the weakness. However, they warned that if skilled hackers find and publicize those shared keys, each one could leave tens of millions of cars vulnerable. In the past 20 years, just the four most common keys have been used in all of the 100 million cars sold by Volkswagen. Only the most recent VW Golf 7 model and others that use unique keys are immune to the attack.
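The difference between a fleet-wide key and unique keys can be modelled in a few lines. This is an added example, not code from the researchers or the original article: it uses HMAC-SHA256 in place of the proprietary cipher, and the frame layout, counter window, key values and all function names are assumptions. It measures how many receivers are affected when the key stored in one vehicle leaks.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed look-ahead: how far past the last counter is accepted

def make_frame(key, uid, counter, button):
    """UID, counter and button code followed by a truncated HMAC tag."""
    body = struct.pack(">IIB", uid, counter, button)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

def diversify(master, uid):
    """Per-fob key derived from a master secret that never ships in a car."""
    return hmac.new(master, struct.pack(">I", uid), hashlib.sha256).digest()

class Receiver:
    def __init__(self, key, uid, counter=0):
        self.key, self.uid, self.counter = key, uid, counter

    def accept(self, frame):
        if len(frame) != 17:
            return False
        body, tag = frame[:9], frame[9:]
        uid, counter, _button = struct.unpack(">IIB", body)
        good = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, good) or uid != self.uid:
            return False
        if not self.counter < counter <= self.counter + WINDOW:
            return False  # replayed or far-out-of-range counter
        self.counter = counter  # roll forward so this frame cannot be reused
        return True

def blast_radius(keys_by_uid, leaked_uid):
    """UIDs whose receiver accepts a frame built with one vehicle's key."""
    leaked = keys_by_uid[leaked_uid]
    return [uid for uid, key in keys_by_uid.items()
            if Receiver(key, uid, 100).accept(make_frame(leaked, uid, 101, 1))]

# Constructed sample fleet and keys, for illustration only.
UIDS = [0x1001, 0x1002, 0x1003]
SHARED = {uid: b"one-key-for-the-fleet" for uid in UIDS}
UNIQUE = {uid: diversify(b"factory-master", uid) for uid in UIDS}

if __name__ == "__main__":
    print("shared key:", [hex(u) for u in blast_radius(SHARED, 0x1001)])
    print("unique keys:", [hex(u) for u in blast_radius(UNIQUE, 0x1001)])
```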

Attack 2 — Hijack with HiTag2 and A Radio Device in 60 Seconds

In the second attack, the team managed to attack a cryptographic scheme called HiTag2, a decades-old rolling code scheme that is still used in millions of vehicles, including Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford. To carry out this attack, all a hacker needs is a radio setup similar to the one used in the above hack. Using a radio device, the researchers were able to intercept and read a string of the coded signals (a rolling code number that changes unpredictably with every button press) from the driver's key fob.

With the collection of rolling codes, the researchers discovered that flaws in the HiTag2 scheme would allow them to crack the cryptographic key in as little as one minute. Since the above two attacks focus on unlocking cars rather than stealing them, the lead researcher Flavio Garcia said that these attacks might be combined with already exposed bugs in the HiTag2 and Megamos 'immobilizer' systems, allowing "Millions of Volkswagens and other vehicles ranging from Audis to Cadillacs to Porsches to be driven by thieves."

This is not the first time this team of researchers has targeted Volkswagen: it discovered a way to start Volkswagen cars' ignitions in 2013, but had to withhold its findings for two years because VW Group threatened to sue them. The researchers have reported the flaws to VW Group and agreed not to disclose the cryptographic keys, the part numbers of vulnerable components, or how they reverse-engineered the processes.

Car hacking is a hot topic today. Recently, security researcher Benjamin Kunz Mejri disclosed zero-day flaws residing in the official BMW web domain and ConnectedDrive portal that allowed attackers to tamper remotely with BMW's In-Car Infotainment System.

Previous research demonstrated hackers' capabilities to hack a car remotely and control its steering and brakes, and to disable a car's critical functions, such as airbags, by exploiting security bugs affecting major automobiles. Keeping these risks in mind, in April this year, the Michigan state Senate proposed two bills that introduce life sentences in prison for people who hack into cars' electronic systems. Also, the FBI issued a public announcement warning people about the risks of car hacking. So, folks, your cars are not a safe place.

Tags:
information leaks hackers
Source:
The Hacker News