Security researchers have discovered how to remotely unlock hundreds of millions of cars, including almost every car Volkswagen has sold since 1995.
According to a report by Wired, the researchers will present their findings on how to use a software-defined radio to unlock the vehicles at the USENIX Security conference this week.
Among the VW models affected, only the latest Golf-based models (Golf 7) are safe from the vulnerability.
Flavio Garcia from the University of Birmingham led a group of hackers who reverse-engineered a “Volkswagen component” to extract a cryptographic key value that is common to a number of the manufacturer’s vehicles.
That shared key value was then combined with a unique value encoded into the key fob of an individual car, which the researchers obtained via “electronic eavesdropping”.
The eavesdropping takes place when the owner of the car presses the key fob button to unlock their vehicle. The value is captured with radio equipment, which must be within 100 metres of the key when the button is pressed.
Combining the two values gave the researchers a cloned key that could unlock that car. The process can be repeated for multiple key fobs, and the unique code only has to be captured once.
The report stated that VW has acknowledged the vulnerability.
The researchers also exploited an older cryptographic scheme called HiTag2; using electronic eavesdropping, they cracked the scheme in under one minute.
The second exploit affects Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot vehicles, stated the report.
“Both attacks use a cheap, easily-available piece of radio hardware to intercept signals from a victim’s key fob, then employ those signals to clone the key,” said Wired.