Researchers have disclosed a cryptographic flaw that affects keyless entry systems for Volkswagens manufactured between 1995 and 2016.
In a paper, researchers Flavio D. Garcia and David Oswald, University of Birmingham; Timo Kasper, Kasper & Oswald GmbH; and Pierre Pavlidès, University of Birmingham, were able to recover the cryptographic algorithms and keys from electronic control units, and able to clone a VW Group remote control and gain unauthorized access to a vehicle. A correlation-based attack on Hitag2 allows the recovery of the cryptographic key and thus cloning of the remote control with four to eight rolling codes, they said.
Affected are Volkswagens and models from the company’s Audi, Seat, and Skoda brands. While it does not allow the attacker to drive off with the car, it does allow the attackers to enter the vehicle. The researchers admit that it is a fairly sophisticated attack, but nonetheless possible.
“We were kind of shocked,” Timo Kasper at Kasper & Oswald told the BBC. “Millions of keys using the same secrets – from a cryptography point of view, that’s a catastrophe.”
“The responsible department at Volkswagen Group is in contact with the academics mentioned and a constructive exchange is taking place,” a representative from Volkswagen told the BBC.
The researchers presented their findings on Friday at the USENIX cyber security conference in Austin, Texas.