Monday, June 8, 2020

VOLKSWAGEN HACK

Since the inception of OBD-II, car manufacturers were mandated to install immobilizers on all vehicles built from 1996 onward. The preferred technology, used by more than a dozen vehicle manufacturers including Audi, Volkswagen, Volvo, Fiat, Honda and Chevrolet, was the Megamos Crypto transponder, viz ID48. This passive glass RFID chip, embedded in the keys of these vehicles and used for authentication and preventing hot-wiring, had a vulnerability. Electronic vehicle immobilizers in general have been very effective at reducing car theft to date, but today, some 24 years later, virtually each and every car immobilizer manufactured is defunct and the security they provide is worthless because it's been hacked.

This vulnerability in automotive security was cracked as long ago as 2013 by computer scientist Flavio Garcia and a team of researchers at the University of Birmingham. By implication they suddenly had access to 100 000 000 Volkswagen vehicles across the globe. However, before they could publish their research for general public consumption, they were hit with a lawsuit which caused a two-year delay, but their paper was eventually published. Their article reveals numerous weaknesses in the design of the cipher, in the authentication protocol and in its implementation, which allowed them to eavesdrop on authentication traces. This was sufficient to recover the 96-bit secret key with a computational complexity of 2^56 cipher ticks, and the secret key after 3 × 2^16 authentication attempts. This was all achievable in under 30 minutes.

This all came about when local police were baffled that cars were being stolen and nobody could explain how. They suspected that the thieves used some kind of 'car diagnostic' device to bypass the immobilizer and start a car without a genuine key. To solve this mystery, Flavio Garcia and his researchers were motivated to evaluate the security of vehicle immobilizer transponders. At the time, attacks on other widely used immobilizer transponders, viz DST40, Keeloq and Hitag2, were commonly known, though not much was known about the vulnerabilities of the Megamos Crypto transponder.

The Megamos Crypto transponder has since been cracked by the university team in their attempt to discover how "the thieves did it", and they realized how easy it was. This speaks volumes about the technical, cryptographic, algorithmic and code-cracking software savviness of the thieves, who figured it all out even before the scientist and his team.

So now a team of researchers from the University of Birmingham and a German engineering company, viz. Kasper & Oswald, intend to reveal two distinct vulnerabilities they say affect keyless entry systems. Using these two vulnerabilities, resourceful thieves would be able to wirelessly unlock virtually every vehicle that Volkswagen manufactured during the past twenty years. These include cars from manufacturers like Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.

No car built during this time, even one with the most sophisticated immobilizer, is immune from evaporating in the middle of the night, unless protected by old school brute force, steering and gear locks, parked inside a garage protected by half a dozen pitbulls.

1 comment:

  1. Hi, I have a few questions about retrofitting a multi functional display on a 05 polo facelift. How can I get in touch with you?
