Almost all cars sold by VW Group since 1995 at risk from unlock hack

Almost all cars sold by VW Group since 1995 at risk from unlock hack

Wired writes:

Later this week at the Usenix security conference in Austin, a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Skoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.

The researchers are led by University of Birmingham computer scientist Flavio Garcia, who was previously blocked by a British court, at the behest of Volkswagen, from giving a talk about weaknesses in car immobilisers.

Sign up to our free newsletter.
Security news, advice, and tips.

At the time Volkswagen argued that the research could “allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car.” That researchers finally got to present their paper a year ago, detailing how the Megamos Crypto system – an RFID transponder that uses a Thales-developed algorithm to verify the identity of the ignition key used to start motors – could be subverted.

The team’s latest research doesn’t detail a flaw that in itself could be exploited by car thieves to steal a vehicle, but does describe how criminals located within 300 feet of the targeted car might use cheap hardware to intercept radio signals that allow them to clone an owner’s key fob.

The researchers found that with some “tedious reverse engineering” of one component inside a Volkswagen’s internal network, they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and access to the car. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”

Sounds to me like it’s time to turn to the car manufacturers to ask what on earth they are going to do to fix the millions of potentially vulnerable vehicles they have sold in the last couple of decades.

Read more, including the researcher’s paper, on Wired.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

2 comments on “Almost all cars sold by VW Group since 1995 at risk from unlock hack”

  1. Mark

    Thanks Graham, I will get onto Audi!

  2. Rebecca Zimmermeyer

    The biggest shame is that VW tried to keep the researchers from publishing their results. I am looking forward to hearing what they are going to do about it, too!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.