News

VW spends years trying to conceal security flaw

Hacking is usually a term associated with computers or most electronic devices. However, with cars getting increasingly dependent on electronics, it looks like convenience features are being turned into a security threat. According to a report by Bloomberg, hackers target vulnerabilities in electronic locks and immobilizers, and the crime now accounts for 42% of stolen vehicles in London. BMWs and Range Rovers are said to be particularly at risk, and police say, a technically sound criminal can gain access to a car in as quickly as 60 seconds.

A similar vulnerability was identified in keyless vehicles, which are made by several car manufacturers. The weakness in question affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers. The research team first took its findings to the manufacturer of the affected chip in February 2012 and then to Volkswagen in May 2013. Volkswagen then filed a lawsuit to block the publication of the paper stating that it would increase the risk of their cars being stolen.

After lengthy negotiations, the paper by Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham, U.K, will now be presented at the USENIX security conference in Washington, D.C., albeit with one sentence giving an explicit description of a component of the calculations on the chip being removed.

The authors highlight how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by hackers and used to steal high end vehicles. The Megamos transponder is a commonly used immobilizer transponder in VW group vehicles including those from Audi, Porsche, Bentley and Lamborghini. Certain cars made by brands such as Fiat, Honda, Volvo and Maserati use the system as well. Other products like the DST transponder and KeeLoq too, have been targeted.

In order to fix the problem, manufacturers will have to replace the RFID chip in the keys and the transponders in the cars, which will entail a significant labour cost and will be a logistical challenge.

 
Live To Drive