In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.
Later this week at the Usenix security conference in Austin, a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Škoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.
Both attacks use a cheap, easily available piece of radio hardware to intercept signals from a victim’s key fob, then employ those signals to clone the key. The attacks, the researchers say, can be performed with a software defined radio connected to a laptop, or in a cheaper and stealthier package, an Arduino board with an attached radio receiver that can be purchased for $40. “The cost of the hardware is small, and the design is trivial,” says Garcia. “You can really build something that functions exactly like the original remote.”
100 Million Vehicles, 4 Secret Keys
Of the two attacks, the one that affects Volkswagen is arguably more troubling, if only because it offers drivers no warning at all that their security has been compromised, and requires intercepting only a single button press. The researchers found that with some “tedious reverse engineering” of one component inside a Volkswagen’s internal network, they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and gain access to the car. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”
The attack isn’t exactly simple to pull off: Radio eavesdropping, the researchers say, requires that the thief’s interception equipment be located within about 300 feet of the target vehicle. And while the shared key that’s also necessary for the theft can be extracted from one of a Volkswagen’s internal components, that shared key value isn’t quite universal; there are several different keys for different years and models of Volkswagen vehicles, and they’re stored in different internal components.
The researchers aren’t revealing which components they extracted the keys from, to avoid tipping off potential car hackers. But they warn that if sophisticated reverse engineers are able to find and publicize those shared keys, each one could leave tens of millions of vehicles vulnerable. Just the four most common keys are used in close to all of the 100 million Volkswagen vehicles sold in the past twenty years. They say that only the most recent VW Golf 7 model and others that share its locking system have been designed to use unique keys and are thus immune to the attack.
Cracked in 60 Seconds
The second technique that the researchers plan to reveal at Usenix attacks a cryptographic scheme called HiTag2, which is decades old but still used in millions of vehicles. For that attack they didn’t need to extract any keys from a car’s internal components. Instead, a hacker would have to use a radio setup similar to the one used in the Volkswagen hack to intercept eight of the codes from the driver’s key fob, each of which, in modern vehicles, includes a rolling code number that changes unpredictably with every button press. (To speed up the process, they suggest that their radio equipment could be programmed to jam the driver’s key fob repeatedly, so that he or she would repeatedly press the button, allowing the attacker to quickly record multiple codes.)
With that collection of rolling codes as a starting point, the researchers found that flaws in the HiTag2 scheme would allow them to break the code in as little as one minute. “No good cryptographer today would propose such a scheme,” Garcia says.
Volkswagen didn’t immediately respond to WIRED’s request for comment, but the researchers write in their paper that VW acknowledged the vulnerabilities they found. NXP, the semiconductor company that sells chips using the vulnerable HiTag2 crypto system to carmakers, says that it’s been recommending customers upgrade to newer schemes for years. “[HiTag2] is a legacy security algorithm, introduced 18 years ago,” writes NXP spokesperson Joon Knapen. “Since 2009 it has been gradually replaced by more advanced algorithms. Our customers are aware, as NXP has been recommending not to use HT2 for new projects and design-ins for years.”
While the researchers’ two attacks both focus on merely unlocking cars rather than stealing them, Garcia points out that they might be combined with techniques like the one he and different teams revealed at the Usenix conferences in 2012 and last year. That research exposed vulnerabilities in the HiTag2 and Megamos “immobilizer” systems that prevent cars from being driven without a key, and would allow millions of Volkswagens and other vehicles ranging from Audis to Cadillacs to Porsches to be driven by thieves, provided they could get access to the inside of the vehicle.
Black Boxes and Mysterious Thefts
Plenty of evidence suggests that sort of digitally enabled car theft is already occurring. Police have been stumped by videos of cars being stolen with little more than a mystery electronic device. In one case earlier this month, thieves in Texas stole more than 30 Jeeps using a laptop, seemingly connected to the vehicle’s internal network via a port on its dashboard. “I’ve personally received inquiries from police officers,” says Garcia, who adds that the officers had footage of thieves using a “black box” to break into cars and drive them away. “This was partly our motivation to look into it.”
For car companies, a fix for the problem they’ve uncovered won’t be easy, Garcia and Oswald contend. “These vehicles have a very slow software development cycle,” says Garcia. “They’re not able to respond very quickly with new designs.”
Until then, they suggest that car owners with affected vehicles—the full list is included in the researchers’ paper (see below)—simply avoid leaving any valuables in their car. “A vehicle is not a safebox,” says Oswald. Careful drivers, they add, should even consider giving up on their wireless key fobs altogether and instead open and lock their car doors the old-fashioned, mechanical way.
But really, they point out, their research should signal to automakers that all of their systems need more security scrutiny, lest the same sort of vulnerabilities apply to more critical driving systems. “It’s a bit worrying to see security techniques from the 1990s used in new vehicles,” says Garcia. “If we want to have secure, autonomous, interconnected vehicles, that has to change.”