This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-37057689
The article has changed 3 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| 'Millions' of Volkswagen cars can be unlocked via hack | 'Millions' of Volkswagen cars can be unlocked via hack |
| (35 minutes later) | |
| A sizeable proportion of 100 million Volkswagen Group cars sold since 1995 can be unlocked remotely by hackers, a team of researchers has said. | A sizeable proportion of 100 million Volkswagen Group cars sold since 1995 can be unlocked remotely by hackers, a team of researchers has said. |
| The problem affects a range of vehicles manufactured between 1995 and 2016 - including VWs and models from the company's Audi, Seat and Skoda brands. | The problem affects a range of vehicles manufactured between 1995 and 2016 - including VWs and models from the company's Audi, Seat and Skoda brands. |
| A homemade radio costing about £30 is the only hardware an attacker requires. | A homemade radio costing about £30 is the only hardware an attacker requires. |
| Volkswagen said it was working with the researchers and added that several new vehicles were unaffected by the issue. | Volkswagen said it was working with the researchers and added that several new vehicles were unaffected by the issue. |
| Two separate attacks affecting different models are described in a paper by researchers from the University of Birmingham and German security firm Kasper & Oswald. | Two separate attacks affecting different models are described in a paper by researchers from the University of Birmingham and German security firm Kasper & Oswald. |
| With the second method, an older cryptographic scheme in some other brands was found to have a similar vulnerability. | With the second method, an older cryptographic scheme in some other brands was found to have a similar vulnerability. |
| The team showed it was possible for a malicious hacker to spy on key fob signals to target cars via a cheap, homemade radio. | The team showed it was possible for a malicious hacker to spy on key fob signals to target cars via a cheap, homemade radio. |
| Cloned keys | Cloned keys |
| By cloning the digital keys, the researchers found they could then unlock a variety of VW Group vehicles. | By cloning the digital keys, the researchers found they could then unlock a variety of VW Group vehicles. |
| This was possible because they were able to reverse-engineer the keyless entry system in the affected models - a process which yielded some master cryptographic keys. | This was possible because they were able to reverse-engineer the keyless entry system in the affected models - a process which yielded some master cryptographic keys. |
| A spokesman for Volkswagen said several current-generation vehicles, including the Golf, Tiguan, Touran and Passat were not affected by the problem. | A spokesman for Volkswagen said several current-generation vehicles, including the Golf, Tiguan, Touran and Passat were not affected by the problem. |
| "The responsible department at Volkswagen Group is in contact with the academics mentioned and a constructive exchange is taking place," he told the BBC. | "The responsible department at Volkswagen Group is in contact with the academics mentioned and a constructive exchange is taking place," he told the BBC. |
| The spokesman added that starting the car's engine with this attack was "not possible". | The spokesman added that starting the car's engine with this attack was "not possible". |
| Prior to publishing their research, the team behind the paper agreed with Volkswagen that some key pieces of information - including the value of the master cryptographic keys - would not be made public. | Prior to publishing their research, the team behind the paper agreed with Volkswagen that some key pieces of information - including the value of the master cryptographic keys - would not be made public. |
| Security expert Ken Munro at Pen Test Partners said critical components of the attack had indeed been omitted. | Security expert Ken Munro at Pen Test Partners said critical components of the attack had indeed been omitted. |
| "You'd need some academic-level knowledge of cryptography to be able to do this," he added. | "You'd need some academic-level knowledge of cryptography to be able to do this," he added. |
| However, he also said the research was the latest in a string of similar findings that showed how many on-board systems in modern cars were vulnerable to hacking. | However, he also said the research was the latest in a string of similar findings that showed how many on-board systems in modern cars were vulnerable to hacking. |
| "Manufacturers are doing the right thing now, but you've got this huge problem with the installed base, those cars will last maybe 10 years - the fix is not simple," he told the BBC. | "Manufacturers are doing the right thing now, but you've got this huge problem with the installed base, those cars will last maybe 10 years - the fix is not simple," he told the BBC. |
| "You're potentially replacing all the control units in all the vehicles out there." | "You're potentially replacing all the control units in all the vehicles out there." |
| Mr Munro added that it might be possible to prevent the reverse-engineering approach taken by the researchers in order to prevent the discovery of the crucial cryptographic keys. | Mr Munro added that it might be possible to prevent the reverse-engineering approach taken by the researchers in order to prevent the discovery of the crucial cryptographic keys. |
| The paper will be presented later today at the Usenix cybersecurity conference in Austin, Texas. |