A recent study suggests that hackers could use relatively inexpensive radio technology to unlock the doors of millions of vehicles around the world, including nearly every Volkswagen sold over the past two decades.
Researchers from the University of Birmingham and German firm Kasper & Oswald found that readily available radio devices could intercept the electronic signals from VW key fobs in most models from 1995 to the present day.
Although intercepting those keyless entry signals is a relatively complex process, hackers that gain access could then essentially make an exact copy. And because those Volkswagen, Audi and Skoda cars share the same cryptographic signals, hackers could also access approximately 100 million other cars worldwide.
“You only need to eavesdrop once,” Birmingham computer scientist David Oswald told WIRED. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”
Their report also detailed how numerous other automakers, including Ford, Nissan, Fiat, Mitsubishi, Peugeot, Citroen, Opel and Alfa Romeo, share older cryptographic systems that could also be exploited through intercepted signals.
Birmingham computer scientist Flavio Garcia, who led a team that previously identified vulnerabilities in VW’s keyless ignitions, told WIRED that although no security expert would sign off on those encryption systems today, the slow production cycles of the auto industry make it difficult to adjust.
He added the problems could become more serious as vehicles grow more connected and automated.
“It’s a bit worrying to see security techniques from the 1990s used in new vehicles,” Garcia said.