Keyless car entry systems could be a huge security risk
Researchers said millions of cars could be stolen if hackers take advantage of the vulnerability
Researchers from the University of Birmingham have found keyless car entry systems could be putting millions of vehicles at risk of being stolen.
According to their findings, criminals can use a simple radio transmitter to intercept the signal between car and key and then clone it to open the car at a later date when the owner is not present.
Experiments were carried out by a team from the university's School of Computer Science, with Volkswagen Group's cars shown to be most at risk.
Hackers can uncover cryptographic algorithms from electronic control units and unlock vehicles including those manufactured by Audi, Skoda and Porsche (all part of the Volkswagen Group, alongside VW itself). The cars affected date back to the mid-1990s, bringing up questions why the technology hasn't already been updated.
"It's a bit worrying to see security techniques from the 1990s used in new vehicles," researcher Dr Flavio Gambia said. "If we want to have secure, autonomous, interconnected vehicles, that has to change. Unfortunately the fix won't be easy, as there is quite a slow software development cycle, new designs will be quite a long time in the making."
The University of Birmingham investigators also found a second potential hack affecting vehicles made by Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel/Vauxhall, Renault and Peugeot.
This particular vulnerability is based on Hitag2, which allows the cryptographic key to be revealed, again allowing for the key to be cloned with a little work on a computer.
Dr David Oswald, another member of the research team, added, "You only need to eavesdrop once. From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want. Manufacturers really need to take heed and review their security systems."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now