Millions of VW Group vehicles are vulnerable to hacking via their keyless entry systems, according to a Reuters report. Computer security experts at the University of Birmingham have published a paper outlining how they were able to clone VW group vehicle keys, by eavesdropping on signals when drivers press their key fobs to lock or unlock their cars.
They found that the models vulnerable to attacks include most Audis, VW, SEAT and Skoda models sold since 1995, along with most of the approximately 100 million passenger vehicles the VW Group has sold since then. The flaw was found in vehicles as recent as a 2016 Audi Q3.
“It is conceivable that all VW Group (except for some Audi) cars manufactured in the past and partially today rely on a ‘constant-key’ scheme and are thus vulnerable to the attacks,” the paper said. The exception to this is for cars built on the Group’s more recent MQB platform, such as the Golf Mk7 which were not found to have such a flaw.
The current Golf, Tiguan, Touran and Passat models are not at risk from the attack, a VW spokesperson told Reuters. “This current vehicle generation is not afflicted by the problems described,” VW spokesman Peter Weisheit said in a statement, though he did not mention the risks posed to other models.
The auto parts contractor which makes the affected keyless access systems was not identified by the published paper, and neither did VW comment on its supplier relationships. Cars of the VW Group have been subject to keyless access hacking before; last year the group was trying to suppress key technical details from being published in another paper, which would expose its vehicles to the risk of theft.
Looking to sell your car? Sell it with Carro.
VW? No value, no demand, thief also dun wanna steal lo
Scrap metal is of high value.
Owner want to get rid of VW but no secondhand value.
Some people need earn money from scrap metal.
Win-win situation: steal the car for scrap metal; owner claim insurance.
Many Proton in junkyards waiting to be scrap means its high value?
Correct! They are high value when in scrap metal form.
Low value when in Proton form.
inb4 Hackinggate. Still cannot persoal jerman overlords. So apa lagi ada?
You conveniently ignored that many other brands are affected as well, is it?
Other brands are:
Alfa Romeo, Citroen, Dacia, Fiat, Ford, Lancia, Mitsubishi, Nissan, Opel, Peugeot and Renault.
The bad thing there is the manufacturer of the affected chip (different from what is used by VW) knows about the security holes since 2009 and recommended replacing the chips with a different model that doesn’t have the flaws anymore. Still some manufacturers are still using the same chip in 2009.
The big issue with the VW system is that VW only used a handful of different keys, so if you know them all…