More than a hundred million cars are in danger of being hack due to a computer error, allowing an attacker to ignite and open a car without having to use the original car keys.
The breach was discovered by a group of investigators from the University of Birmingham, they found two vulnerabilities in the ignition system of several cars brands, especially Volkswagen and some of its affiliates (Audi and Skoda).
The vulnerability also affects car brands like Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot, all of them fabricated after 1995.
The researchers presented their findings at the Usenix Security Symposium, held in Austin, TX (United States).
For cars made by Volkswagen, the attack is made through the wireless signals emitted by the keyless entry system, who can be intercepted and cloned via an Arduino board (a cheap, programmable computer board) and a radio receiver. After that, the Arduino becomes the actual car key.
To be able to clone the key one must possess two parts of a shared cypher, according to the researchers, one part of the key is being shared by all the car models, more incredibly, the car makes have been reusing the keys for the last 20 years.
The second vulnerability found affects a cryptographic system used by millions of vehicles called HiTag 2. The technology is used to generate aleatory codes every time a car key is pressed to open the vehicle, however, the system isn’t random enough, and can be cracked using an Arduino board and the radio receiver.
Volkswagen was calm at addressing the researcher’s study. According to the company, the real risk of car theft is minimum, as the hack solutions aren’t able to ignite the car. Opel, another car make, said that the technical complexity of executing such an attack makes it unviable, and assured its clients that they aren’t facing any significant risks.
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.