I am affraid we don’t have a good news for you. Radio keys are a security risk: hackers crack them easily, proved researchers from Bochum: Million cars are affected.
Radio key are insecure: researchers from Bochum and Birmingham have intercepted signals, which sends a radio key on the car door, decrypts, and reproduced. NDR, WDR, and Süddeutsche Zeitung report. With the copied signal, you can easily open the door even without the original key. A considerable safety risk for car owners.
These manufacturers are affected by the vulnerability
100 million cars worldwide are affected by the vulnerability in Audi, VW, seat, Skoda, Fiat, Alfa Romeo, Lancia, Mitsubishi, Citroën, Opel, Ford, Dacia, Renault, Nissan and Peugeot are among the manufacturers.
Find your model in this collection?
Audi: A1, Q3, S3, TT, R8
VW: Amarok, beetle, Bora, caddy, crafter, EOS, Fox, golf 4-6, golf plus, Jetta, Lupo, Passat, Polo, T4, T5, Scirocco, Sharan, Tiguan, Touran, up, eUp
Seat: Alhambra, Altea, Arosa, Cordoba, Ibiza, Leon, MII, Toledo
Skoda: City go, Roomster, Fabia 1, Fabia 2, Octavia, superb, Yeti
Alfa Romeo: Guilietta type 940
Citroen: Nemo, jumper
Dacia: Logan II, Duster
Fiat: Punto type 188, 500, Abarth 500 Bravo, Doblo, Ducato, Fiorino, Grande Punto, Panda, Punto Evo, QUBO
Ford: Ka RU8, Lancia, Delta type 844, Musa, Mitsubishi, Colt Z30, Nissan Pathfinder, Navara, note, Qashqai, Micra, X-trail,
Opel: Astra model H, Corsa model D, Vectra model C, combo, Meriva, Zafira
Peugeot: Boxer, expert, 207
Renault: Mode, trafic, Twingo, Clio, master
Older VW keys are particularly easy to hack
Especially easily manages the decryption of radio signal for older VW models. Why? Because the Group has programmed only about a handful of cryptographic passphrases in all remote key in the last 21 years. “If this secret is then cracked, this is something like a cryptographic meltdown”, explains security researcher Timo Kasper. “According to our estimates the vulnerability’s 100 million cars could be affected.”
Kasper drew VW already in November 2015 on the vulnerability. And what says VW? That the security systems of up to 15-year-old vehicles have the same level of security as current vehicles. The latest generations of golf, Touran, Tiguan and Passat are not affected.
VW: Researchers should keep secret the trick
With the researchers was it “agreed, that the authors publish their scientific and mathematical knowledge, but without those sensitive content, the savvy criminal could use for an unauthorized intrusion into the vehicle”, a VW spokesman told the Sueddeutsche Zeitung.
The chipmaker NXP of the Netherlands has asked to speak. The researchers had also chopped its encryption technology Hitag2, however they had to catch four signals to, only one not as at VW. NXP said since 2009, we know that the process was uncertain. “At that time NXP has recommended all customers to initiate appropriate countermeasures and to replace the Hitag2 systems.”
And how to respond to affected owners? To do so, the group is silent so far. Without software update and key exchange affected only by one can protect themselves: forgo the remote key and the car classic up and close to.
But it is not the first time that security experts show how easy wireless connections hijack can open doors. by 2015, the hacker had demonstrated Samy Kamkar that almost any car lock and every garage door can open. Also, the other IT professionals showed last year that it could capture even a whole car and control from the outside.