volkswagen logo wm

Millions of VW Group vehicles are vulnerable to hacking via their keyless entry systems, according to a Reuters report. Computer security experts at the University of Birmingham have published a paper outlining how they were able to clone VW group vehicle keys, by eavesdropping on signals when drivers press their key fobs to lock or unlock their cars.

They found that the models vulnerable to attacks include most Audis, VW, SEAT and Skoda models sold since 1995, along with most of the approximately 100 million passenger vehicles the VW Group has sold since then. The flaw was found in vehicles as recent as a 2016 Audi Q3.

“It is conceivable that all VW Group (except for some Audi) cars manufactured in the past and partially today rely on a ‘constant-key’ scheme and are thus vulnerable to the attacks,” the paper said. The exception to this is for cars built on the Group’s more recent MQB platform, such as the Golf Mk7 which were not found to have such a flaw.

The current Golf, Tiguan, Touran and Passat models are not at risk from the attack, a VW spokesperson told Reuters. “This current vehicle generation is not afflicted by the problems described,” VW spokesman Peter Weisheit said in a statement, though he did not mention the risks posed to other models.

The auto parts contractor which makes the affected keyless access systems was not identified by the published paper, and neither did VW comment on its supplier relationships. Cars of the VW Group have been subject to keyless access hacking before; last year the group was trying to suppress key technical details from being published in another paper, which would expose its vehicles to the risk of theft.