Vehicles from a wide range of auto manufacturer – such as VW, Fiat, Audi, Ferrari, Porsche or Maserati – have been for years in peril, prone to electronic car-hackings.
These are the findings of expert research, which has been battled for two years in courts by Germany’s Volkswagen AG. Car theft involving vehicles equipped with “keyless” entry systems has been exploiting for years the vulnerabilities in electronic locks and immobilizers and now makes up for 42 percent of the stolen vehicles in UK’s capital – London, for example. According to police, technically skilled criminals can access such vehicles within 60 seconds. Security researchers have now said there are such vulnerabilities in keyless vehicles made by a wide array of manufacturers. And what’s worse – the researchers discovered the flaws back in 2012 and have been dragged since to court by the carmakers in order to prevent them from delivering their findings to the public. The authors, Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham, UK, will present their findings at the USENIX security conference in Washington.
The flaw affects the Radio-Frequency Identification (RFID) transponder chip employed by immobilizers – particularly the Megamos Crypto transponder that has its cryptography and authentication protocol easily targeted by malevolent hackers out to steal premium autos. The Megamos is also among the most common immobilizer transponders, used by VW AG’s Audi, Porsche, Bentley and Lamborghini, as well as the Fiat, Honda, Volvo brands and certain Maseratis.