Keyless car entry systems could be a huge security risk
Researchers said millions of cars could be stolen if hackers take advantage of the vulnerability
Researchers from the University of Birmingham have found keyless car entry systems could be putting millions of vehicles at risk of being stolen.
According to their findings, criminals can use a simple radio transmitter to intercept the signal between car and key and then clone it to open the car at a later date when the owner is not present.
Experiments were carried out by a team from the university's School of Computer Science, with Volkswagen Group's cars shown to be most at risk.
Hackers can uncover cryptographic algorithms from electronic control units and unlock vehicles including those manufactured by Audi, Skoda and Porsche (all part of the Volkswagen Group, alongside VW itself). The cars affected date back to the mid-1990s, bringing up questions why the technology hasn't already been updated.
"It's a bit worrying to see security techniques from the 1990s used in new vehicles," researcher Dr Flavio Gambia said. "If we want to have secure, autonomous, interconnected vehicles, that has to change. Unfortunately the fix won't be easy, as there is quite a slow software development cycle, new designs will be quite a long time in the making."
The University of Birmingham investigators also found a second potential hack affecting vehicles made by Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel/Vauxhall, Renault and Peugeot.
This particular vulnerability is based on Hitag2, which allows the cryptographic key to be revealed, again allowing for the key to be cloned with a little work on a computer.
Dr David Oswald, another member of the research team, added, "You only need to eavesdrop once. From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want. Manufacturers really need to take heed and review their security systems."
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now