By cloning the digital keys, the researchers found they could then unlock a variety of VW Group vehicles.<\/p>\n
This was possible because they were able to reverse-engineer the keyless entry system in the affected models – a process which yielded some master cryptographic keys.<\/p>\n
Prior to publishing their research, the team behind the paper agreed with Volkswagen that some key pieces of information – including the value of the master cryptographic keys – would not be made public.<\/p>\n
“We were kind of shocked,” Timo Kasper at Kasper & Oswald told the BBC. “Millions of keys using the same secrets – from a cryptography point of view, that’s a catastrophe.”<\/p>\n Mr Kasper said that after the researchers alerted Volkswagen to the problem in November 2015, they set up some meetings to help the car maker understand the vulnerability.<\/p>\n “We had very fruitful discussions – there was a very good atmosphere,” he said.<\/p>\n However, there are “at least ten more, very widespread” hacking schemes affecting various other car brands that Kasper & Oswald is still waiting to publish, following appropriate disclosure to the companies involved, Mr Kasper added.<\/p>\n ‘Constructive exchange’<\/strong><\/p>\n A spokesman for Volkswagen said several current-generation vehicles, including the Golf, Tiguan, Touran and Passat were not affected by the problem.<\/p>\n “The responsible department at Volkswagen Group is in contact with the academics mentioned and a constructive exchange is taking place,” he told the BBC.<\/p>\n The spokesman added that starting the car’s engine with this attack was “not possible”.<\/p>\n Security expert Ken Munro at Pen Test Partners said critical components of the attack had been omitted from the published paper.<\/p>\n “You’d need some academic-level knowledge of cryptography to be able to do this,” he added.<\/p>\n However, he also said the research was the latest in a string of similar findings that showed how many on-board systems in modern cars were vulnerable to hacking.<\/p>\n “Manufacturers are doing the right thing now, but you’ve got this huge problem with the installed base, those cars will last maybe 10 years – the fix is not simple,” he told the BBC.<\/p>\n “You’re potentially replacing all the control units in all the vehicles out there.”<\/p>\n Mr Munro added that it might be possible to prevent the reverse-engineering approach taken by the researchers in order to prevent the discovery of the crucial cryptographic keys.<\/p>\n The paper will be presented later today at the Usenix cybersecurity conference in Austin, Texas.<\/p>\n","protected":false},"excerpt":{"rendered":" A sizeable proportion of 100 million Volkswagen Group cars sold since 1995 can be unlocked remotely by hackers, a team of researchers has said. The problem affects a range of vehicles manufactured between 1995 and 2016 – including VWs and models from the company’s Audi, Seat and Skoda brands. A homemade radio costing about \u00a330 […]<\/p>\n","protected":false},"author":14,"featured_media":238765,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[106],"tags":[],"yoast_head":"\n![\"Volkswagen](\"http:\/\/ichef-1.bbci.co.uk\/news\/624\/cpsprodpb\/16B6C\/production\/_90763039_gettyimages-525423918.jpg\")
Image copyright<\/span>AFP<\/span><\/span>![\"VW](\"http:\/\/ichef-1.bbci.co.uk\/news\/624\/cpsprodpb\/32EC\/production\/_90763031_gettyimages-584022404.jpg\")
<\/span><\/figure>\n