If you are a Volkswagen owner, you are most likely to be at risk from a remote cloning attack, according to a new survey.
Following the reverse-engineering of the keyless entry systems of many VW models from the early 2000 to 2016, a group of researchers believe that the vast majority of the 100 million vehicles of the VW group sold in that time are vulnerable to a key cloning attack that leaves the starter and keyless system vulnerable to violations.
The attack can be carried out using cheap, materials such as radios with batteries commercially available, which are capable of intercepting and recording the rolling codes used by keyless systems. Then the same device can emulate the key of the car.
One of the tools developed for the attack was an RF transceiver with Aduino that costs about 40 dollars.
Researchers from University of Birmingham in England, and the German security company Kasper & Oswald will present their research this week at the Usenix Security Conference to be held in Austin, Texas.
The researchers note that the Volkswagen Group has used only a few global master keys for RKE systems on vehicles sold over the last two decades.
“By knowing these keys, an opponent can hear a single signal from the target remote. It can then decrypt this signal, obtain the current UID and the value of the meter, to create a clone of the original remote control that locks or unlocks each door of the target vehicle. ”
Researchers discovered master keys by reverse engineering the firmware of electronic control units (ECUs). The attack exploits weaknesses in the key distribution method encryptions.
The researchers briefed the VW group on vulnerabilities and agreed with the company not to disclose cryptographic keys and vulnerable ECU numbers.