More VW Scandal/Security Flaw

[Hawkeyethenoo]

Revealed: The 100 car models at risk of being stolen due to security 'flaw'

University of Birmingham scientist is finally allowed to publish research after two-year legal battle with Volkswagen

University of Birmingham's computer scientist Flavio Garcia

A scientist from Birmingham has won a two-year legal battle to finally publish research that reveals a major security flaw that could leave scores of car models at risk of being stolen.Volkswagen had used its lawyers to keep under wraps the research of University of Birmingham computer scientist Flavio Garcia and his colleagues Baris Ege and Roel Verdult from Radboud University Nijmegen in the Netherlands. They discovered more than 100 models of cars produced by 26 car manufacturers are at risk of theft by hackers who could crack codes to produce fake keys - thanks to flaws in a device designed to prevent vehicles from being stolen.Among the makes of car at risk are Audi, Honda, Skoda, Citroen, Fiat and Volvo - as well as top of the range sports cars produced by Porsche and Ferrari.

 

 

 

After a lengthy legal wrangle, which saw Volkswagon suing both the universities and researchers, Volkswagen has now agreed to the publication of the paper after the researchers agreed to omit a single line from their report - a pivotal detail which could allow a nontechnical person to work out the hack.In the past, thieves could hot-wire a car to get it to start. But now, there are computer chips inside the key fob and car ignition switch aimed at making car theft more difficult.

A car only starts if the chips are near each other and send just the right code. However, the researchers claimed a flaw lies in a chip called a Megamos Crypto transponder - widely used in the car manufacturing industry. The transponder “talks†to the key fob wirelessly to check its identity - and if it can’t find the correct code, it immobilises the engine.

 

In theory there are billions of possible combinations for the code, making it all but impossible to happen upon the right one by chance.

But the hackers discovered that by listening in to the wireless communication between the car and the transponder just twice, they could narrow the number of possible combinations down to just 200,000. Then an automated ‘cracking’ programme could try each one of those 200,000 codes - allowing it to find the right combination in just half an hour. And once the right combination has been found, it would be child’s play for the hackers to make a fake key that will be recognised by the car as the real deal. It is feared a hacker could potentially become a valet driver and steal a fleet of cars - or steal a rental vehicle long after returning it. Mr Garcia said: “It’s a bit like if your password was ‘password’. “We want to emphasise that it is important for the automotive industry to migrate from weak proprietary ciphers like this to community-reviewed ciphers and use it according to the guidelines.†Mr Garcia and his fellow researchers presented their findings in August at a prestigious conference in Washington. They said they gave the Swiss firm EM Microelectronic, which produces the Megamos Crypto transponder, nine months to fix the problem in late 2012 before they planned on going public with their discovery. The firm was unavailable for comment.

 

A Volkswagen spokesman said the hack takes “considerable, complex effort that’s unlikely to be used - except by tech-savvy, organized crime syndicatesâ€Â.

He added: “We have an interest in protecting the security of our products and customers. “In this connection, Volkswagen does not make available information that might enable unauthorised individuals to gain access to its vehicles. “In all aspects of vehicle security, be this mechanical or electronic, Volkswagen goes to great lengths to ensure the security and integrity of its products against external malicious attack.â€Â

[Pillock]

He's right, the likelihood is that if someone wants your car they'll either bash you on the head in the street and take your keys, or just break into your house and take the keys. Half an hour with some cracking hardware is a long time to sit outside someone's house with the alarm going off - as you can't query the immobiliser from outside, you need access to the reader ring around the steering lock.

 

It's a bit sad that this is referred to as the VW Scandal - the list clearly shows other manufacturers at risk, less models but then most of them make less models. VW were the ones trying to stop the information being passed on, the others presumably couldn't give a toss. Why is it not the Honda scandal?

 

Can't the AA and RAC guys code immobiliser chips from the VIN number? You know, the number you can see at the bottom of the windscreen.

[alf892]

Hasn't this done the rounds before? I'm sure I've heard of it and similar one focused on BMW?

 

A bit of a non story really..........computers not infallible shocker type thing.

[Tayne]

Did anyone else look at that list and wonder what the hell a Tagaz Road Partner was?

 

 

Its a Russian-made Ssanyong Musso.

 

 

 

[gary_davidson]

looks like far too much effort to steal a kia pride

[Tayne]

Also, why is the Porsche 968 on that list?

 

They went out of production 20 years ago!

[New POD]

Having been on the Lucas DPC smart solenoid team, where Lucas Diesel was forced by 90's legislation, to take a proven design for the fuel on/off solenoid (basically a plunger with a nitrile or Viton plug on one end and a spring at the other, with a bit of copper wire to create a magnetic field and pull it away from a hole), and ASK LUCAS ELECTRONICS TO add electronics to it, BUT keep it the same size, a project that consumed millions in capital equipment and 100's of quid in development, I'm amused by the fact that anyone really cares. The legislation is to survive for 15 minutes of abuse.

 

The more anti-theft measures your car has as standard, the more likely someone will stab you in the dark, and take your keys.

 

Or they could LIFT it with a crane if it was really valuable.

[chaseracer]

looks like far too much effort to steal a kia pride

 

Aye.  Just raffle it.

[HH-R]

I think the Kia Rio is known as the Pride in some markets.

 

Still not too worried, I can't imagine mine being lifted - not strong enough for ram raids, not fast enough to get away from Police, not expensive or desirable to sell on, parts not valuable, and too much hassle for your average scrote to drive round the estate and then burn out.

 

If they do mean the old one, then you can probably just talk one of those into being stolen.

[cms206]

 

 

I think the Kia Rio is known as the Pride in some markets.

Aye, the current generation Rio is marketed as Pride in a few markets.

 

It's a shit Pride though. Real winners drive a proper Pride.

[cobblers]

You can buy a "drive box" off ebay for £10 that you plug into the OBD port of any 2000-2008 ish VW that will disable the immobiliser in seconds. I've never used one to comment on their efficiency.

 

What I do know is you can remove the immobiliser from the ECU in a minute with a laptop attached to the OBD port, but you might need to take the ECU apart and ground a pin while you do it.

 

However you can buy an ECU to remove the immobiliser from for £30 and they take 30 seconds to fit if it's owt like my ibiza, and on top of that you still need to get into it, kick the cowlings off and break the steering lock etc.

[Cavcraft]

Tayne, on 08 Oct 2015 - 8:44 PM, said:

 

 

 

 

 

 

 

 

I'd twiddle with her black box alright. 

[oldcars]

Shite. Shuma is on. Off to buy 4 crook locks.

 

Tagaz Road partner also sounds like a poor Service Station in Bulgaria.

[martc]

 

 It is feared a hacker could potentially become a valet driver and steal a fleet of cars - or steal a rental vehicle long after returning it.

 

Those valets - never could trust them when you hand over your key and they take your car away. And then bring it back.

 

Good luck in tracking down a specific hire car several months later. Actually It'll be at CarCraft with curbed alloys and a fag burn in the seat.

[The Moog]

 

 

Good luck in tracking down a specific hire car several months later.

 

Actually It'll be at CavCraft with curbed alloys, a white doggie inside and a corsa badge sellotaped to the back.

EFA