New Wireless Key Hack Puts Tens of Millions of Volkswagens at Risk

A team of security researchers based at the University of Birmingham have discovered how to use software defined radio (SDR) to remotely unlock nearly every Volkswagen manufactured since 1995, a new article from Wired reports. That amounts to nearly 100 million cars that are vulnerable to being hacked with hardware that costs a mere $40 or so.

Researchers discovered the flaw by extracting “a single cryptographic key value” that is used in many Volkswagen vehicles, which they accomplished by reverse-engineering the electronic control units in many cars, ZDNet reports. This key value combined with the cryptographic value intercepted from a remote key fob can allow intruders to clone a key fob that will unlock a car. The second value unique to each key fob can easily be acquired by eavesdropping on the radio frequency signals of the target remote control.

Volkswagen has acknowledged the issue, according to Ars Technica, and has stated that it is working on a response. Given the breathtaking magnitude of the vulnerability, the German automaker has its work cut out for it.

As it stands the only surefire way to protect your 1990’s Volkswagen is to do away with the remote key fob and mechanically lock and unlock your vehicle.

One of the practical implications of this finding, the researchers argue, is that insurance companies may have to accept that claims that seem fraudulent at first glance may in fact be plausible and true, according to ZDNet. Even if the intruders don’t steal your car outright by hotwiring it after breaking in, they may be able to steal belongings inside the car and vanish without a trace, making it difficult to prove that you were a victim of theft.

The researchers are set to debut a second hack that will allegedly affect Alfa Romeo, Fiat, Ford, Mitsubishi, and Nissan, among many other car companies.