More than 100 million Volkswagen door locks are unlocked A new security vulnerability turned out

ByTodd Nappe

According to surveys conducted by security experts, vulnerabilities have been found in the wireless lock system installed on some of the automobiles sold since 1995. The target vehicles are more than 100 million cars thought to have been sold worldwide, and among them, I know that 100 million vehicles made by Volkswagen (VW) are included.

A New Wireless Hack Can Unlock 100 Million Volkswagens | WIRED
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/

Almost every Volkswagen sold since 1995 can be unlocked with an Arduino | Ars Technica
http://arstechnica.com/cars/2016/08/hackers-use-arduino-to-unlock-100-million-volkswagens/

This fact was revealed based on reverse engineering by Mr. Flavio Garcia, a computer scientist at the University of Birmingham, UK, and two teams of vulnerabilities were found.

The first vulnerability relates to almost all automobiles sold by VW since 1995, and there are only 100 million target vehicles indeed. This vulnerability was found in a wireless door lock system that locks and unlocks the door of a vehicle wirelessly, and it is said that third person can freely operate the door lock by eavesdropping the signal .

The research team succeeded in finding the value of the encryption key for decrypting the encrypted communication by reverse engineering the wireless key used in VW's vehicle. Since this cryptographic key is commonly used for all vehicles, it is said that there are possibilities that as many as 100 million vehicles are in danger.


However, it is not possible to manipulate the wireless lock simply by knowing the encryption key. It is a reception / transmitter based on Arduino used there. This device can mimic a signal by "eavesdropping" the radio waves emitted from the wireless key, and by emitting a signal by wearing a wireless key, it becomes possible to lock and unlock the door It is like that.


Another vulnerability extends to manufacturers other than VW, and it is possible to take over by hacking encryption technology of "HiTag 2" which is one of the ID tag standards. Here too we need a device to eavesdrop on radio key radio waves, but by having several kinds of signals read in, you can decrypt the cipher within just 1 minute and manipulate the door lock with the camouflaged signal It will be possible. The following vehicles that are considered to have this vulnerability are mainly Alfa Romeo, Citroën, Romania makers Dacia, Fiat etc. Some of them are Mitsubishi's 2004 Colt, , Nissan's 2006 model "Mikura (Japan name: March)" etc. are also listed.


Technical details have not been made clear, but once you exploit this technology it is inevitable to judge it as a serious vulnerability in the sense that many vehicles will be affected. Even though the possibility is low, as it turns out that there is a possibility of being actually affected, if you own the target vehicle, considering some countermeasures such as inquiring to the manufacturer, It seems to be one of them.