Nearly every Volkswagen car sold over the past two decades can be hacked to open its doors without a key, according to a newly released study.
Wired reports that the analysis, conducted by researchers from the University of Birmingham and German firm Kasper & Oswald, found a vulnerability in the keyless entry systems of VW models from 1995 to the present day — or approximately 100 million cars worldwide.
Researchers said that hackers could use cheap, readily available radio devices to intercept electronic signals from the vehicles' key fobs to make a copy.
Although the process of intercepting those signals is relatively complicated, hackers that gain access to one key can subsequently utilize the same cryptographic signals shared by millions of other vehicles. As a result, the study said that Volkswagen, Audi and Skoda drivers could see their cars compromised with no warning.
“You only need to eavesdrop once,” University of Birmingham computer scientist David Oswald told the website. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”
A second vulnerability identified in their report, meanwhile, affects the keyless entry system of numerous additional automakers, including Ford and Nissan as well as Fiat, Mitsubishi, Peugeot, Citroen, Opel and Alfa Romeo.
Birmingham computer scientist Flavio Garcia, who led a team that previously identified vulnerabilities in VW’s keyless ignitions, noted that those companies share older cryptographic systems and that automakers will need to make significant changes to maintain security as their cars become more connected and autonomous.
“It’s a bit worrying to see security techniques from the 1990s used in new vehicles,” Garcia told Wired.