As I mentioned above, electronic car-hacking has been in the news quite a bit lately. A recent report is most troubling. It appears that thousands of cars from a host of manufacturers have spent years at risk of electronic car-hacking. Expert research revealed that Volkswagen spent two years in the courts trying to suppress the problem. “Keyless” car theft, which sees hackers target vulnerabilities in electronic locks and immobilizers, now accounts for 42 percent of stolen vehicles in London. BMWs and Range Rovers are particularly at risk. Police say a technically minded criminal can have a car unlocked and stolen within 60 seconds.
Security researchers have now discovered a similar vulnerability in keyless vehicles made by several carmakers. The weakness, which affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers, was discovered in 2012, but carmakers sued the researchers to prevent them from publishing their findings. The paper by Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham, U.K., was presented at the USENIX security conference in Washington, D.C. The authors detailed how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by malicious hackers looking to steal luxury vehicles.
The Megamos, one of the most common immobilizer transponders, is used in Volkswagen-owned luxury brands including Audi, Porsche, Bentley and Lamborghini, as well as Fiats, Hondas, Volvos and some Maserati models. Tim Watson, Director of Cyber Security at the University of Warwick, stated:
“This is a serious flaw and it’s not very easy to quickly correct. It isn’t a theoretical weakness, it’s an actual one and it doesn’t cost theoretical dollars to fix, it costs actual dollars.”
Immobilizers are electronic security devices that stop a car’s engine from running unless the correct key fob (containing the RFID chip) is in close proximity to the car. They are supposed to prevent traditional theft techniques like hot-wiring, but can be bypassed.
For example, this can be done by amplifying the signal. In this case, however, researchers broke the transponder’s 96-bit cryptographic system by listening in twice to the radio communication between the key and the transponder. This reduced the pool of potential secret key matches, and opened up the “brute force” option: running through 196,607 options of secret keys until they found the one that could start the car. It took less than half an hour. Security researcher Andrew Tierney observed:
“The attack is quite advanced, but VW produces a lot of very high-end vehicles that get stolen to order. The criminals involved are more sophisticated than the sorts who just steal your keys and drive off with your car.”
There appears to be no quick fix for the problem. As I understand it, the RFID chips in the keys and transponders inside the cars must be replaced, resulting in significant labor costs. The research team first took its findings to the manufacturer of the affected chip in February 2012 and then to Volkswagen in May 2013. Volkswagen filed a lawsuit to block the publication of the paper, claiming that it would put the security of its vehicles at risk, and won an injunction in the U.K.’s High Court.
After some rather lengthy negotiations, the paper is finally in the public domain with just one sentence redacted. That single sentence, however, contains an explicit description of a component of the calculations on the chip. Verdult says that removing the sentence makes it much more difficult to recreate the attack.
Volkswagen says that anti-theft protection is generally still ensured even for older models. That’s because criminals need access to the key signal to hack the immobilizer, according to the automaker. Volkswagen says current models, including the current Passat and Golf, don’t allow this type of attack at all. The Megamos Crypto is not the only immobilizer to have been targeted in this way – other popular products including the DST transponder and KeeLoq have both been reverse-engineered and attacked by security researchers.
Source: Insurance Journal