Researchers who are well-acquainted with Volkswagen have published a paper alleging that hackers are able to access the remote keyless entry system of virtually every Volkswagon produced since 1995.
A report in Wired Magazine says a team of researchers at the UK's University of Birmingham, led by Flavio Garcia, is the same group that last year reported hackers could start thousands of VWs without a key.
If true, this is not good news for the beleaguered automaker, trying mightily to overcome the negative force field it finds itself in after the diesel emission cheating scandal, which broke 11 months ago.
Wired reports the researchers, joined by colleagues from the German firm Kasper & Oswald, laid out two distinct vulnerabilities at the Usenix security conference in Austin this week. The researchers say nearly 100 million cars may be vulnerable.
Beyond VW and Audi, Wired says millions of other cars from other manufacturers, including Ford, may have the same vulnerability.
Not a new worry
There apparently have been concerns for some time about the security of remote keyless entry systems. Theoretically, the hack isn't that difficult.
Earlier this year automotive website Edmunds.com reported that car thieves were using some kind of electronic device to gain entry to locked vehicles.
“Some electronic security experts believe that the criminals may be exploiting the convenience of keyless-entry systems, which are designed to detect and authenticate the smart key inside a car owner's pocket as he or she pulls on the door handle,” Edmunds reported. “They say that if the thieves can amplify the car's signal it can be fooled into using the owner's key to open the doors, even if that key actually is on a nightstand or the kitchen table inside the house.”
Not that difficult
The crime is new enough, however, that there really aren't any statistics to suggest how big a threat it is. But as thieves learn more about it, the ability to pull it off is apparently not that difficult.
Road and Track reports a “good guy hacker” was able to assemble a device that can hack many older vintage keyless entry systems for about $30. In his case, the device was able to track, unlock, and remote start a vehicle by intercepting signals from the OnStar smartphone app.
The fact that this vulnerability appears to affect so many older models could be problematic, since we recently reported that these are the prime targets for thieves. The National Insurance Crime Bureau reports the 1996 Honda Accord was last year's most-stolen vehicle. Thieves usually target older cars because their parts are in demand.