Computer security experts at the University of Birmingham have published a document outlining their ability to clone VW remote keyless entry controls, and even eavesdrop nearby when drivers press their key fobs to open or lock up their cars.
The vehicles that are vulnerable to this attack include most Audi, VW, Seat and Skoda models sold since 1995 and many of the approximately 100 million VW Group vehicles on the road since then, researchers said. Additionally, it was found that the flaw was located in car models as recent as the Audi Q3, model year 2016.
The VW spokesman Peter Weisheit said that its current Golf, Tiguan, Touran and Passat models are not at risk from the attack, adding: “This current vehicle generation is not afflicted by the problems described.”
Previously, in 2013, VW obtained a restraining order against a group of researchers including Garcia to prevent publication of a paper detailing how certain anti-theft car immobilizers were vulnerable to hackers. That research was published in 2015 after the authors agreed with VW to remove a detail that would have allowed thieves to figure out how to carry out an attack.
The authors also describe a second attack that could be used against Hitag2 (HT2) remote keyless entry systems used in older models of other car makers, running on circuits produced by Dutch-American chipmaker NXP.
An NXP spokesman said HT2 chips first introduced in 1998 have been gradually replaced by automakers since 2006 and that the chipmaker has advised them to replace HT2 chips in new cars since security weaknesses were reported in 2009 and 2012.
The reports’ authors said they had focused on mass-market models and did not analyse in detail VW’s luxury brands including Porsche, Bentley, Lamborghini and Bugatti.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.