Car hacking - report reveals security flaw in immobilisers

Study was buried for two years; over 100 models at risk from attacks

A Dutch academic study has revealed that well over 100 cars have a security flaw that could allow hackers to start and steal them without a key.

Controversially, the report – entitled ‘Dismantling Megamos Crypto: Wirelessly Lock-Picking A Vehicle Immobilizer’ – has only recently been released, after a court injunction from Volkswagen and other manufacturers was lifted after two years.

You expect to need your car’s key to start it, but according to the report, that’s not always the case. It states that some anti-theft systems on some models can be hacked remotely, allowing the car to be driven away.

The report’s authors Roel Verdult, Flavio Garcia and Baris Ege say they were “able to recover the key and start the engine with a transponder-emulating device. Executing this attack from beginning to end takes only 30 minutes”.

They managed this by ‘listening in’ to the signals sent between the car’s key and the immobiliser and then replicating them.

Cars from across the Volkswagen Group – including Audi, Bentley, Porsche, Lamborghini and VW itself – as well as Alfa Romeo, Fiat and Jeep, are affected.

A 2016 UK study has recently found similar problems, this time concerning the remote central locking systems of an estimated 100 million cars made by the Volkswagen Group (including Skoda, SEAT and Audi models) between 1995 and 2016.

Now working with the University of Birmingham, Flavio Garcia, together with David Oswald, claim VW Group cars can have their keys’ codes ‘cloned’ by thieves after locking or unlocking signals have been intercepted, allowing unauthorised access to the vehicle. While this doesn’t allow the car to be driven away, it’s definitely concerning – particularly when taken in conjunction with the immobiliser issue. Volkswagen is keen to stress its newer models (including the latest Golf, Tiguan and Passat) have improved security measures, though, and aren’t affected by this issue.

Car hacking: could it happen to you?

Manufacturers that use the radio-frequency identification (RFID) are coming under increasing pressure from the researchers to take their findings into account and improve their security measures.

It’s important to note that this is not the same issue as the one recently discovered in the Tesla Model S that can be fixed by a remote software upgrade – this was to do with the quality of the hardware in the key used to send the coded message to the immobiliser.

The researchers claim that a better, more secure chip in the key – costing less than £1 more – would make hacking the immobiliser far more difficult and complicated.

While Verdult, Garcia and Ege are campaigning for manufacturers to do more to combat car hacking and be more open in their discussions about it, some companies aren’t so keen.

Volkswagen Group of America, along with 12 other car manufacturers, is lobbying for car technology to fall under the protection of the Digital Millennium Copyright Act in the US. If it succeeds, research of this nature would become illegal.

Volkswagen insists it’s doing everything possible to prevent these hacking attempts, saying: “In all aspects of vehicle security, be this mechanical or electronic, Volkswagen goes to great lengths to ensure the security and integrity of its products against external malicious attack.”

Recommended

Audi Q3 SUV review
Audi Q3 SUV
Audi Q3
24 Sep 2021

Audi Q3 SUV review

What is Volkswagen 4MOTION? Should you choose it?
What is VW 4MOTION
Volkswagen
9 Sep 2021

What is Volkswagen 4MOTION? Should you choose it?

Baby Jeep SUV set to be electric-only
Baby Jeep exclusive image
Jeep
9 Sep 2021

Baby Jeep SUV set to be electric-only

New Volkswagen ID. Life concept previews affordable electric car
Volkswagen ID. Life Concept
Volkswagen
6 Sep 2021

New Volkswagen ID. Life concept previews affordable electric car

Most Popular

Best new car deals 2021
Fiat 500 electric
Deals
24 Sep 2021

Best new car deals 2021

Top 10 best small estates 2021
Skoda Octavia Estate
Skoda Octavia Estate
22 Sep 2021

Top 10 best small estates 2021

Electric Citroen Ami to launch in the UK next year
2022 Citroen Ami
Citroen Ami
21 Sep 2021

Electric Citroen Ami to launch in the UK next year

Tips & advice

View All
Car dashboard warning lights: the complete guide
Car dashboard symbols and meanings
Tips and advice
10 Aug 2021

Car dashboard warning lights: the complete guide

Electric car charging stations: a complete guide
Electric car charging station
Tips and advice
3 Jun 2021

Electric car charging stations: a complete guide

PCP vs HP – which type of car finance is right for you?
PCP vs HP
Tips and advice
15 Jun 2021

PCP vs HP – which type of car finance is right for you?

Average speed cameras: how do they work?
Average speed cameras: how do they work?
Tips and advice
23 Jul 2021

Average speed cameras: how do they work?

Best cars

View All
Top 10 best car interiors 2021
Peugeot 208 hatchback
Best cars
25 Jun 2021

Top 10 best car interiors 2021

Top 10 best electric cars 2021
Volkswagen ID.3
Best cars
12 Aug 2021

Top 10 best electric cars 2021

Top 10 best cheap-to-run cars 2021
Toyota Prius front 3/4 cornering
Best cars
10 Jun 2021

Top 10 best cheap-to-run cars 2021

The UK's top 10 fastest hot hatchbacks
Mercedes AMG A45 - rear
Hot hatches
25 Jun 2021

The UK's top 10 fastest hot hatchbacks