The keyless entry systems of an estimated 100 million vehicles contain flaws that could help a tech-savvy thief break in, according to research presented at the Usenix cybersecurity conference Friday.
Researchers at the University of Birmingham and German engineering firm Kasper & Oswald discovered two flaws in keyless entry systems used by various automakers. One affects the keyless entry systems of nearly all Volkswagen Group vehicles made since 1995, according to the researchers. Another affects the security of a keyless entry system used in vehicles from other manufacturers, including some Chevrolet and Ford models.
"Owners of affected vehicles should be aware that unlocking the doors of their car is much simpler than commonly assumed today," the researchers wrote in the paper.
Volkswagen's keyless systems rely on a handful of digital master keys. If an attacker is able to eavesdrop on the radio signal sent when a car's key fob is used, they can combine that information with the master key data to electronically unlock the vehicle, according to the researchers.
In a statement, Volkswagen said it was communicating with the academics and that the company's "electronic and mechanical security measures are continuously being improved."
The other flaw uncovered by the researchers involves a security algorithm called HiTag2 used in some keyless systems. In this case, there is no master key component. Instead, a thief would have to eavesdrop on the radio signals sent over eight uses of the key fob. The attacker could then use that data to figure out how to generate new codes for a cloned key within roughly a minute, according to the paper.
NXP, the company that sells chips for keyless entry systems that rely on HiTag2, told The Washington Post that the security algorithm has been gradually replaced with newer technology since 2006. The company has recommended for years that customers use more modern systems, it said.
The attacks laid out by the researchers require considerable technical skill and on-the-ground effort, and are probably beyond the talents of most criminals.
But high-tech car theft is a real problem. In 2013, investigators were stumped by videos showing thieves using a mysterious digital tool to unlock vehicles. Earlier this month, authorities in Texas arrested two men who police said had stolen dozens of Jeep and Dodge vehicles by taking control of them with a laptop loaded with pirated software.