Almost all VW cars sold since 1995 have this security flaw
The Local · 11 Aug 2016, 12:52
Published: 11 Aug 2016 12:52 GMT+02:00
Updated: 11 Aug 2016 12:52 GMT+02:00
The researchers from the University of Birmingham and German engineering firm Kasper & Oswald found that 100 million cars worldwide from 15 different manufacturers have a security flaw in their remote control keys that proves to be a “significant vulnerability,” according to reports by Süddeutsche Zeitung, as well as broadcasters NDR and WDR.
The keyless fobs send signals to the cars, but the researchers found that hackers can intercept these signals using relatively cheap radio equipment, and then clone the keys for themselves.
Many of the models with the security risk were produced by Volkswagen, as well as by its subsidiaries Audi, Seat and Škoda. Almost all VW cars produced since 1995 were found to have this problem.
The vulnerability was also found in Alfa Romeo, Citroën, and Ford cars.
SZ reports that there is already a case under investigation in Germany where a car thief seems to have used the method described by the researchers.
But the researchers maintain that the method of hacking they discuss is still quite hard to manage as a thief must be fairly close to the car they want to steal and there are further technical steps involved in gaining access.
This isn't the first time that the researchers have raised concerns about the keyless system: members of the current team presented a paper about the risks last year.
READ MORE: How thieves can hack into cars without a key
Volkswagen told Süddeutsche Zeitung (SZ) that the researchers' latest report had shown “that the security systems from 15-year-old cars do not have the same level of security of our current vehicles”, listing models like the new Golf or Passat.
But the newspaper points out that this still means people with not-so-brand-new cars are at a security risk.
VW did not answer the researchers about what the company would do for such customers given the revelations of the report.
The researchers are presenting their findings at the Usenix security conference in Austin, Texas on Friday.