Now, many might be getting quite paranoid about the recent spate of stories revolving around wireless hacks, nifty devices like ‘Rolljam’ and inherent vulnerabilities in connected vehicles that leave them exposed to enterprising hackers.

Well, unfortunately, there’s more bad news. According to Bloomberg, Volkswagen has spent two years trying to hide a huge security flaw that affects thousands of cars from a range of manufacturers, suppressing the research findings in the courts.

The publication states that ‘keyless’ car theft, where hackers exploit flaws in electronic locks and immobilisers, now accounts for 42% of vehicular theft in London. The city’s Metropolitan Police has stated that BMWs and Range Rovers are definitely at risk, as a tech-savvy thief could make a getaway in one of these vehicles in under 60 seconds.

Apparently, Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham have presented an academic paper at the USENIX security conference in Washington DC, where they detail how the cryptography and authentication protocol used in the ‘Megamos Crypto’ transponder can be exploited by hackers to ultimately abscond with these luxury vehicles.

This particular immobilizer transponder, the ‘Megamos Crypto’, is most commonly used in Volkswagen-owned brands such as Audi, Porsche, Bentley and Lamborghini. Worryingly, it is also used in brands such as Fiat, Honda, Volvo and some Maserati models too.

Amazingly, the publication states that these researchers broke the transponder’s 96-bit cryptographic system by listening in twice to the radio communication between the key and the transponder.

Since this reduced the pool of potential secret key matches, the researchers could then take the ‘brute force’ option, running through 196,607 candidate secret key codes until they found the right one, all in less than half an hour. The Bloomberg report adds that there’s no quick fix to the problem, as the RFID chips in the keys and transponders inside the cars must be replaced, which would result in a lot of labour costs.

It seems that the research team took its findings to the manufacturer of the chip in February 2012 and then to VW in May 2013, and after the car-maker filed a lawsuit to block the publication of the paper – successfully arguing the case that doing so would expose its vehicles to the risk of theft – the UK’s High Court granted an injunction. Significantly, the paper is now in the public domain, with one sentence omitted.

“This single sentence contains an explicit description of a component of the calculations on the chip,” Verdult said, when speaking to the publication, adding that by removing the sentence it was much more difficult to recreate the attack.

Volkswagen responded swiftly to the publication’s exposé – a company spokesman said that anti-theft protection is still reliable even for the older models, while current models are totally secure and invulnerable to these attacks. In any case, there is also a list of manufacturers and car models above that may be open to these hacking exploits. The list is focused on vehicles that use Megamos Crypto, and the ones in bold are the models that the research team experimented on.