If you are a Volkswagen owner, you are most likely to be at risk from a remote cloning attack, according to a new survey.
Μετά το reverse-engineering των keyless συστημάτων εισόδου πολλών μοντέλων της VW από τις αρχές της δεκαετίας του 2000 έως και το 2016, μια ομάδα ερευνητών πιστεύουν ότι η συντριπτική πλειοψηφία από τα 100 εκατομμύρια οχήματα του ομίλου VW που πωλήθηκαν σε αυτό το διάστημα είναι ευάλωτα σε μια επίθεση κλωνοποίησης κλειδιού που αφήνει την μίζα και το σύστημα εισόδου (keyless) εκτεθειμένα σε παραβιάσεις.
Attack can be done by using inexpensive materials, such as commercially available battery radios, which are capable of intercepting and recording the scrolling codes used by keyless systems. Then the same device can emulate the car key.
One of the tools developed for the attack was an RF transceiver with Aduino that costs about 40 dollars.
Researchers from the University of Birmingham in England, and the German security company Kasper & Oswald will present their research this week at the Usenix Security Conference to be held in Austin, Texas.
The researchers note that the Volkswagen Group used only a few global master keys for RKE systems in vehicles sold over the last two decades.
“By knowing these keys, an opponent can hear a single signal from the target remote. It can then decrypt this signal, obtain the current UID and the value of the meter, to create a clone of the original remote control that locks or unlocks each door of the target vehicle. ”
Researchers discovered master keys by reverse engineering the firmware of electronic control units (ECU). The attack exploits weaknesses in the encryption key distribution method.
The researchers informed the VW Group about the vulnerabilities points and came to an agreement with the company not to disclose the cryptographic keys, and the numbers of the vulnerable ECUs.