Keyless systems of many VW Group cars can be hacked: researchers
By Eric Auchard
FRANKFURT (Reuters) - Tens of millions of vehicles sold by Volkswagen AG (VOWG_p.DE: Quote) over the past 20 years, and some current models, are vulnerable to theft because keyless entry systems can be hacked using cheap technical devices, according to European researchers.
Computer security experts at the University of Birmingham have published a paper outlining how they were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars.
Vehicles vulnerable to this attack include most Audi, VW, Seat and Skoda models sold since 1995 and many of the approximately 100 million VW Group vehicles on the road since then, the researchers said. The flaw was found in car models as recent as the Audi Q3, model year 2016, they said.
"It is conceivable that all VW Group (except for some Audi) cars manufactured in the past and partially today rely on a 'constant-key' scheme and are thus vulnerable to the attacks," the paper said.
The only exception were cars built on VW's latest MQB production platform, which is used in its top selling model, the Golf VII, which the researchers found does not have the flaw.
"There are still some VW car models being sold that are not on the latest platform and which remain vulnerable to attack," Flavio Garcia, co-author of the report and a senior lecturer in computer security at University of Birmingham, told Reuters.
A VW spokesman said that its current Golf, Tiguan, Touran and Passat models are not at risk from the attack.
"This current vehicle generation is not afflicted by the problems described," VW spokesman Peter Weisheit said in a statement, without commenting on the risks to other models. Continued...