The media attacks on VW about their diesel emissions testing has taken another subject off the table: security flaws in the electronic locking systems!
This is another case that has been ongoing for a number of years. Unfortunately this issue doesn’t just cover VW but a number of other non VW Group manufacturers, however it was VW that got the headline – and this was before the diesel test issue rose its head. I was going to write this post a few weeks ago but the other, larger story trumped it!
There has been a trend in recent years of cars being stolen to order in the UK and they are typically mid to high-end luxury cars that have the latest electronic keyless locking systems. I did read an article in Daily Nation that quoted the UK police saying that £400M worth of cars are stolen in the UK each year and get shipped to East Africa. The article quoted the Uganda police as impounding £10M worth of ex-British luxury cars in June alone.
The two links between the two stories are:
- The vehicles stolen: VW Group cars from VW, Audi, Porsche, Bentley and Lamborghini plus BMWs and Range Rovers.
- The use of the same electronic transponder from Megamos in the locking systems.
Some 42% of all cars stolen in London are by organised crime gangs who repurpose or ship the cars overseas. The police know that it can take 1 minute to enter a car fitted with certain electronic locking systems.
Researchers looking into the problem have discovered a flaw in the system and have detailed how the security protocols used in the Megamos Crypto transponder can be a target for criminals looking to a steal luxury vehicle. The researchers also stated that this wasn’t a theoretical breach, they had actually found the way to bypass the systems as the criminals had already proved it could be! It was done by amplifying the signal, seeing what response came back to the hacked transponder and then cycling through 100s of thousands of signals until the correct one is found. The CPU on a transponder can do this in a super fast time.
In 2012 the researchers approached the manufacturer of the transponder and then approached VW the following year. This suggests that the component manufacturer ignored the warnings (or didn’t respond), so the next stop was a major purchaser of the equipment. VW sued the researchers to stop them publishing their paper – clearly by doing so, they would prevent the flaw from being in the public domain. This was probably a good strategy as it prevented many extra car thefts. The paper has now been published without the exact details to show the algorithm used.
A VW spokesman was quoted in Automotive News as saying: “Volkswagen maintains its electronic as well as mechanical security measures technologically up-to-date and also offers innovative technologies in this sector.” An interesting statement that one hopes includes providing a patch or new system as part of a recall or even implemented on new cars. The spokesman did say that some Passat and Golf models are unbreakable due to the fact that the key signal its (currently) undetectable. Hopefully these systems will go up the stack to the higher end of the market!
Other European manufacturers use the same Megamos transponder so they also need to make some changes and other transponders have been targeted in the past with successful hacks breaking them. This is a modern world issue that will never really go away – every time new technology is developed or new algorithms defined for security, someone will have a go at attacking and within an ever shorter time, will break it.