Carmakers have spent the past three years trying to hide a report into how electronic key fobs were easy prey for car hackers, a security conference in the US is being told.
The car companies learned in 2012 of the study but sued researchers to stop them from publishing findings. Now the paper is being presented at the USENIX security conference in Washington, DC.
Researchers in Britain and the Netherlands found flaws in electronic locks and immobilisers that put thousands of different cars at risk of car-hacking.
Their findings go a long way towards supporting a police report in London that claims 42 per cent of stolen vehicles in the city are being ‘keylessly’ hacked. BMWs and Range Rovers are particularly at risk, it said.
Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham, in Britain, found the weakness in the Radio-Frequency Identification (RFID) transponder chip used in immobilisers.
They reported how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by tech-savvy criminals.
The Megamos is one of the most common transponders, used in high-end brands including Audi, Porsche, Bentley and Lamborghini, as well as Fiats, Hondas, Volvos and Maseratis.
The Megamos Crypto is not the only vulnerable immobiliser; others like the DST transponder and KeeLoq have both been reverse-engineered and attacked by security researchers.
The research team first took its findings to the maker of the Megamos chip in February 2012 and then to Volkswagen in May 2013. VW owns Audi, Porsche, Bentley and Lamborghini and filed a lawsuit to block the publication of the paper.
Immobilisers are electronic devices that stop a car’s engine from running unless the key fob with the correct RFID is nearby. But they can be bypassed by amplifying the signal.
To break through the transponder’s 96-bit cryptographic system, the researchers used computers to listen to the radio communication between the key and the transponder to find the ‘key’ to the car. There were 196,607 secret options. It took them less than 30 minutes.
There’s no quick fix for the problem, say the researchers – the RFID chips in the keys and transponders inside the cars must be replaced.
“This is a serious flaw and it’s not very easy to quickly correct,” Tim Watson, director of Cyber Security at the University of Warwick, told news agency Bloomberg. “It isn’t a theoretical weakness, it’s an actual one and it doesn’t cost theoretical dollars to fix, it costs actual dollars.”
A VW spokesman told Bloomberg: “Volkswagen maintains its electronic as well as mechanical security measures technologically up-to-date and also offers innovative technologies in this sector.”
Anti-theft protection is generally still ensured, he added, even for older models, because criminals need access to the key signal to hack the immobiliser. “Current models, including the current Passat and Golf, don’t allow this type of attack at all,” he said.