AUSTIN, Texas, Aug. 12 (UPI) -- Many of the 100 million Volkswagens with keyless entry are easily hacked, a research paper says.
The paper, by University of Birmingham, England, researchers and Kasper & Oswald, a German security firm, describes methods for hacking the keyless entry feature of Volkswagens made since 1995, and concludes anyone with a homemade radio costing no more than $45 could intercept key fob signals of targeted cars. Some of the signals were universal, indicating they have the same cryptographic profile.
"We were kind of shocked," Timo Kasper at Kasper & Oswald told the BBC. "Millions of keys using the same secrets. From a cryptography point of view, that's a catastrophe." He added Volkswagen was alerted to the problem, and "We had some very fruitful discussions."
The security flaws enable a hacker to identify a particular car, then intercept the radio signal from the key fob. When the signal is paired with another signal, a base key, shared by many Volkswagens, the car can be opened. While the steps are difficult to accomplish, the base cryptographic key data could be published on the Internet, and hackers around the world would have half the problem solved.
Volkswagen said the hack will not start the engine of any car, that its newest models do not have the potential problem, that some understanding of cryptography is required to launch the hack. The company says it is working with the researchers.
The paper was to be presented Friday at the Usenix cybersecurity conference in Austin, Texas.