VOLKSWAGEN HACK

VOLKSWAGEN  HACK

Since the inception of OBD-II car manufacturers were mandated to install immobilizers on all vehicles built from 1996 onward. The preferred technology used by more than a dozen vehicle manufactures which includes Audi, Volkswagen, Volvo, Fiat, Honda and Chevrolet, was the Magamos Cryto transponder, viz ID48. A passive glass RFID chip used for authentication and preventing hot-wiring, embedded in the keys of these vehicles had a vulnerability. Electronic vehicle immobilizers in general have been very effective at reducing car theft to date, but today some 24 years later virtually each and every car immobilizer manufactured is defunct and the security they provide is worthless because its been hacked. 

This vulnerability in automotive security was cracked as long ago as 2013 by computer scientist Flavio Garcia and a team of researchers at the University of Birmingham. By implication they suddenly had access to a 100 000 000 Volkswagen vehicles across the globe. However, before they could publish their research to general public consumption, they were hit with a lawsuit which caused a two year delay but their paper was eventually publisized.  Their article reveals numerous weaknesses in the design of the cipher, the authentication protocol and also in its implementation allowing them to gain eavesdrop on authentication traces. This was sufficient  to recover the 96-bit secret key with a computational complexity of 256 cipher ticks and the secret key after 3 × 216 authentication attempts. This was all achievable in under  only 30 minutes. 

This all came about when local police was baffled that cars were being stolen and nobody could explain how. But they suspected that the thieves  used some kind of ‘car diagnostic’ device to bypass the immobilizer and start a car without a genuine key. In order to solve this mystery Flavio Garci and his researchers  were motivated to evaluate the security of vehicle immobilizer transponders. At the time it was commonly known hack attacks for other widely used immobilizer transponders, viz DST40, Keeloq and Hitag2 though  not much was known about the vulnerabilities of the Megamos Crypto transponder.

The Megamos Crypto transponder has since been cracked by the university team in their attempt to discover how "the thieves did it'' and realized how easy it was. This speak volumes about the technical, cryptographic, algorthmic, code cracking software savviness of the thieve who figured it all out even before the scientist and his team.

So now a team of researchers from the University of Birmingham and a German engineering company viz. Kasper & Oswald intent revealing two distinct vulnerabilities they say affect keyless entry systems. Using these two vulnerabilities resourceful thieves would be able to wirelessly unlock virtually every vehicle that  Volkswagen manufactured during the past twenty years.  These include  cars from manufacturers like Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot. 

No car with the most sophisticated immobilizer built during this time is immune to evaporate in the middle of the night, unless protected by old school brute force, steering and gear locks, parked inside a garage protected by half a dozen pitbulls.

EPC LIGHT - REVISITED

VW POLO EPC LIGHT 

Most VW Polo, Golf, Audi, Passat and  Skoda  vehicles and probably every other VAG cars appears to have problems lately. In one sentence, the most common of these problems seems to be on obd diagnostics the culprit being the  wiring that interconnect all the electronic modules, aka the OBD II / CANbus. Virtually every car diagnostic test done on several different VAG cars produced the same faults. This implies that they are common, since they are recurring on different owners cars.  I can relate to this from my Television engineering days, when several same-make and same-model televisions all appeared to give the same problems. These VAG cars all seemed to have Intermittent / Implausible messages on the Data Bus and its highly unlikely that it could be the electronic modules themselves that are intermittent. Should this be the case, each and every one of these VAG cars then needs to be recalled because it looks like a defective design or assembly line problem.  But that's  wishfully thinking on my part which will obviously be met with and answer like - highly unlikely.

Wiring harnesses and cable assemblies for electrical buses interconnecting several MOSFET fast switching electronic modules each having an edge connector / plug whether it is gold plated or not, has parasitic capacitance. Add this  to the edge connector resistance and crimped wire contacts inside the plugs makes for interesting intermittent connections. The following list are faults /errors  that showed up on diagnostic tests on cars with EPC light problems, which  gives you some idea what I'm referring to. I've  abbreviated "Powertrain Data Bus" to PDB: in order to stop each fault from running onto two lines. Excessive comms errors and internal control module memory error intermittent are common faults caused by wiring harnesses.

SCAN TOOL ERROR CODES

1) 01312 - Powertrain Data Bus:  - Faulty

2) 18034 - PDB: error P1626 Missing Message from TCU  (Transmission Control Unit)
3) 18043 - PDB: error  P1635 Missing Message from A/C Controller
4) 18044 - PDB: error  P1636 Missing Message from Airbag Controller
5) 18058 - PDB: error  P1650 Missing Message from Instrument Cluster
6) 18270 - PDB: error  P1862 Missing Message from Instrument Cluster 

7) 18055 - PDB: error  P1647 Check Coding of ECUs
8) 18056 - PDB: error  P1648 Failure
9) 18045 - PDB: error  P1637 Missing Message from Electric Load Controller
A) 18097 - PDB: error  P1689 Implausible Message from Elect. Load Controller

B) 18104 - PDB: error  P1696 Implausible Message from Steering Column Controller
C) 18107 - PDB: error  P1699 Missing Message from Steering Wheel Electronics

D) 18057 - PDB: error  P1649 Missing Message from ABS Controller
E) 18259 - PDB: error  P1851 Missing Message from ABS Controller
F) 18090 - PDB: error  P1682 Implausible Message from ABS Controller
G) 18261 - PDB: error  P1853 Implausible Message from ABS Controller

Implausible signal means that it is "intermittent", even intermittent at the time the diagnostic tester was interfacing with the ECU's, TCU's, STC's ABS's, A/C etc... "Missing Message" implies absolutely no contact (Open Circuit) with the respective modules at the time of testing. Since VAG cars became inundated with electronic modules, our individual cars each have a few hundred more electrical connections than the previous generation of cars each and everyone of them subject to the tresses and strains of  the bumps on uneven roads and spirited driving. Add engine heat, steam, dampness and other weather conditions to this equation and suddenly these connections become tarnished over time. Tarnished connections are certainly not electrically sound and one way to clean these contacts is with contact spray but graphite or a grey ink rubber would be more effective to clean the tarnish off the gold plated PCB edge connectors. The Bentely VW manual suggest replacement of the whole wiring harness if  any problems arise but it comes at a cost of  $798.00 and that's for a 2007 VW Polo highline. I would hate to know what it would cost for a 2013 Volkswagen Touareg or 2013 Volkswagen Amrok not to mention 2013 Audi A8 or Audi TT .

VAG cars are really nippy and a joy to drive and I'm certain the bulk of VAG car owners enjoy spirited driving but many many VAG car driver probably regret this since they only experienced  EPC light troubles after they did some real spirited driving. I know this is absolutely true for Audi TT drivers who complained that their cars were fin until they gave it a nice workout. It is obvious centrifugal force, torque, tension, flexing, wind resistance and inertia plays their respective roles on the plugs and connectors. The EPC Light problems above, D through G appears to dictate that the ABS Controller is faulty or its edge connector / plug is faulty or the harness is faulty. B through C suggest that the Steering Wheel Controller is faulty or its edge connector / plug is faulty or the harness is faulty is causing the EPC light  to light up. Numbers 5&6 seems to favour the Instrument Cluster as faulty or its edge connector / plug is faulty or the harness is faulty which causes the EPC light to light up. Number 9 and letter A seems to blame the Electric Load Controller for triggering the EPC light. Numbers 1-4 and 7&8 seems to suggest some other electronic module caused the EPC light to light up. All these modules have one thing in common, they are all associated with the Powertrain Data Bus. In essence any module associated with the Powertrain Data Bus can cause the EPC light on VW Polo or other VAG cars to trigger.

THE SECRET TO MAKING MONEY ONLINE.

NB! If you found this information useful, please link to this page.

More on EPC light DEMYSTIFIED....