Vulnerabilities in access systems affect nearly 100 million VW Group vehicles
Researchers from the University of Birmingham in the UK and the German company Kasper & Oswald have discovered two vulnerabilities in the wireless access systems of cars, especially those of the VW Group. One of the vulnerabilities could provide access to approximately 100 million cars.
The first vulnerability is said to affect just about every Volkswagen sold since 1995, as well as models from Audi, Seat and Škoda. The second vulnerability is present in other brands, including Fiat, Ford, Nissan, Opel and Peugeot. The first vulnerability is the most troubling, Wired writes. It stems from the fact that Volkswagen vehicles use a limited number of cryptographic keys, which together with another key give access to a car. For example, there are only four different keys, which can be extracted from various ‘internal components’ of the car, allowing access to 100 million vehicles.
The only other element required is the cryptographic key that is transmitted wirelessly to the vehicle the moment the driver unlocks the car. This key can be captured by an attacker who is within 90 m of the car and who intercepts the signal with an Arduino device costing about 35 euros. According to the researchers, this data only needs to be intercepted once; combined with the key from the internal components, it can be used to create a new key that provides permanent access to the vehicle. The attack is complicated by the fact that the four shared keys differ per year and model of the car. They are also stored in various internal components.
The second vulnerability is present in the HiTag2 system, which is still used in the NXP chips of millions of cars. This system was also hacked once before, in 2012, by researchers from Radboud University. By intercepting eight codes sent to the car by the driver’s key, the researchers were able to crack the encryption within 60 seconds.
The scientists do not expect fixes for the vulnerabilities to arrive soon, because cars have a long development process. Because the vulnerabilities only allow access to the car and do not allow it to be started, the researchers recommend not leaving any valuable objects in the car. The research was presented at the Usenix conference, which is taking place in Austin.
The Arduino with which key signals can be intercepted. Via Wired.