Keyless car entry systems could be a huge security risk

Researchers said millions of cars could be stolen if hackers take advantage of the vulnerability

Researchers from the University of Birmingham have found keyless car entry systems could be putting millions of vehicles at risk of being stolen.

According to their findings, criminals can use a simple radio transmitter to intercept the signal between car and key and then clone it to open the car at a later date when the owner is not present.

Experiments were carried out by a team from the university's School of Computer Science, with Volkswagen Group's cars shown to be most at risk.

Hackers can uncover cryptographic algorithms from electronic control units and unlock vehicles including those manufactured by Audi, Skoda and Porsche (all part of the Volkswagen Group, alongside VW itself). The cars affected date back to the mid-1990s, bringing up questions why the technology hasn't already been updated.

Advertisement - Article continues below

"It's a bit worrying to see security techniques from the 1990s used in new vehicles," researcher Dr Flavio Gambia said. "If we want to have secure, autonomous, interconnected vehicles, that has to change. Unfortunately the fix won't be easy, as there is quite a slow software development cycle, new designs will be quite a long time in the making."

The University of Birmingham investigators also found a second potential hack affecting vehicles made by Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel/Vauxhall, Renault and Peugeot.

This particular vulnerability is based on Hitag2, which allows the cryptographic key to be revealed, again allowing for the key to be cloned with a little work on a computer.

Dr David Oswald, another member of the research team, added, "You only need to eavesdrop once. From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want. Manufacturers really need to take heed and review their security systems."

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019