Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button Security researchers will demonstrate how crooks can break into cars at will using wireless signals that can unlock millions of vulnerable vehicles. The eggheads, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, have managed to clone a VW Group …
Welp, it was nice knowing VW. Between faking diesel numbers and this, it'll be interesting to see them survive the lawsuits.
Investors might take a haircut, but as one of Germany's largest companies (probably THE largest German company), anybody who thinks that the German government will just watch VW shrivel into the hands of a US vulture fund is kidding themselves.
You do not seem to be aware of the relation between German economy and car manufacturers. Also, 20% of VW is effectively state-owned
I don't know enough about counties like Denmark, but France, Germany, Italy and Greece seem to have very relaxed views of the interpretation of EU wide legislation, in their favour. The U.K. Uniquely, amongst the larger nations tends not to (although they do seem to be taking a much more reasonable point of view over vaping legislation - disclaimer, I don't). If I was writing a sketch for Yes Minister, Sir Humphrey would be organising it all..... In the name of unity of course.
What if car manufacturers take a leaf out of Formula 1's book and develop detachable steering wheels for family saloons etc? The steering wheel could have a unique serial number that hardware in the steering column could detect and would only allow that wheel to operate the vehicle? No steering wheel, no worries!
Inevitably leading to someone having to stand at the tobacco counter at Tesco's as their icecream nelts and say, errr... has anyone handed in a steering wheel? I'm sure I had it when I paid, but can't find it anywhere
Not that I once realised I'd left my wallet on the counter once I'd driven 100 miles. Thankfully there was enough diesel in the tank to get back
Inevitably leading to someone having to stand at the tobacco counter at Tesco's as their icecream nelts and say, errr... has anyone handed in a steering wheel? I'm sure I had it when I paid, but can't find it anywhere
"Nah mate, but we've had this old quartic one from an Allegro knocking around spare since the rest of the car rusted away - you can have it to get you home..."
"Thanks, but I'd rather walk."
Not that I once realised I'd left my wallet on the counter once I'd driven 100 miles
Well better that than getting to 100 miles before realising that you have left the removable steering wheel behind.
Incidentally, does this mean that if I use this technique to steal a VW I would be able to to join the class action suit for the emissions fiddling?
Plenty of LR Defender owners remove the steering wheel at night to prevent theft. Those of us with poor in-built security are well versed in using layers of security. Looks like those with more modern vehicles need to do the same.
Mine's the one with 2 trackers, smart water sprinkled liberally, etched windows, huge sterring immobiliser and steel grills over the rear windows.
" develop detachable steering wheels"
well I remember when car stereos used to be removable - and people would plonk them on the bar in a pub like a status symbol. (pinstripe shirt and braces wearing types) .
Somewhere down the line the stereo manufactured realised you didnt have to drag the whole stereo around with you and the "removable front panel" was invented.
Further down the line, ie today , for those who still want the "take it with you" security placebo its now just a small "KEY" that comes out of the stereo.
Full circle.
The steering wheel could have a unique serial number that hardware in the steering column could detect
Or in other words, exactly like the immobiliser chip in the key currently works? I have to point out, a key is a lot more convenient to carry in your pocket than a steering wheel.
"What if car manufacturers take a leaf out of Formula 1's book and develop detachable steering wheels for family saloons etc? "
the siting of airbags in the wheel would stop that......
however many years ago in a pub alongside the docks in Dublin I was amused to see a rack of steering wheels hanging on the wall while their owners drank excess amounts of Guinness. The steering wheels were routinely removed on parking to prevent the local teen joyriders........
So, you want to replace a small, pocketable key for a big one that people will just leave in the car? I can't see people wandering around the local supermarket, steeringwheel in hand.
The problem isn't the form factor of the key, but the fact that the serial numbers in the keys are based on a very small number of master serial numbers, which means they can be easily cracked. Whether you put the serial number (generator) in the key or the steering wheel doesn't make any difference, you would just need a steeringwheel with the software hack, as opposed to a key with the software hack.
"Garcia was previously blocked from giving a talk about weaknesses in car immobilisers following a successful application to a British court by Volkswagen"
Slightly more detail on this here:
https://www.theguardian.com/technology/2013/jul/26/scientist-banned-revealing-codes-cars
Very dodgy decision if you ask me.
Why was it a dodgy decision? VW did not want the entire paper suppressed, but merely wanted the actual code (cryptographic key) redacted. That would not have reduced the academic purpose of the paper one bit, but would have prevented criminals having the actual key needed to steal cars. The researchers refused to publish the paper without the key.
Personally I'm not a fan of keyless entry. I prefer some mechanics, also because it gives me an emergency power switch in case things go wrong. In a keyless car it should actually mandated they have the same sort of kill switch installed as is required on racing cars, for the same reason: in case of problems, kill the damn thing.
Admittedly that'll be a bit harder with electric cars, though (imagine the cabling), but I've worked long enough with electronics and computers to know that a last resort ability to kick the plug out of the socket is not as much a luxury or overengineering as it appears.
The engines of keyless Fords can be turned off by pressing and holding the Start button, or by pressing it quickly three times.
That's not an emergency cutout; it still relies on some piece of software to not have gone titsup. It's not something I'd trust to kill the engine, unless it's some dedicated, separate piece of hardware that controls a Big Chunky Relay killing power to vital parts of the engine (but not braking and steering). But a direct mechanical way to get the relay to disconnect would still be on my requirements list.
Kill switch, huh?
Well, you could attach a mechanical device that cuts the battery cables, the radiator fan belt and a few
spark plugs, when you pull on that string. Or install a hand grenade that literally blows the engine exactly when you want it to happen. The "sugar in the tank", "sand into the crank case", or "sausage into the
exhaust pipe" methods work slower, but could also be updated and robotized. So many ways to kill an engine.
Yup, that's right. The battery on my FOB died, and I haven't found the time to replace it, so I am using my physical key again.
It's a whole new world, because no sneaky FOB-radio-listening-hacker can ever get my code. They can of course use physical methods to steal my car, but, hey, who would want to steal a 20 year old rust bucket with a resale value of close to nada, zero and zilch. I am so safe, it's unbelievable.
But merely as an engineering idea, I think one could come up with an ever-changing random code, such that each time the FOB is used, the code changes. Something with PGP and such with an extra allotment of whatnot.. With radio waves that lie when listened to, in a quantum jumpy sort of way.
(Yes, your honor, my FOB is smarter than me, yes, my FOB lied, because we told it to.) With a code that is embedded in a bunch of random garbage, and only the car and the FOB knows where it begins or ends. As in: 512 bits of garbage, 5 bits of code, 463 bitsa garbage, 7 bits of code, 585 bits of garbage, 39 bitsa code, 4567 bitsa garbage, 85 bitsa code, plus extra garbage, with the beginning and end of garbage changing based on random crap, time of day, the measurment of marigolds and the weight of sunspots. How hard can it be, when you are inspired?
Like tomato sauce, except without garbage, it's all in there, salted, spiced, amazing and undoable.
I wish I wan't too dumb to be a genius.
Of course, anything will eventually get cracked, just to keep people on their toes.
Until then, thieves have to go for the obvious and quietly break the mostly still breakable windows.
Shhhhhh! Be very very quiet, we are hunting VW's...
There was an article about car privacy and all the new connected services that you CAN'T disconnect
http://www.bbc.com/autos/story/20160809-your-car-is-not-your-friend
He has a VW and was told to bark up a tree when he asked about disconnecting Car-Net. He even got a letter from VW saying "hahaha, no"
He also looked at a forum posting about an incredibly difficult procedure to dig out the unit and trash it.
Only when the BBC contacted VW for comment did they say "oh no, that letter is wrong, we can disconnect that!" and they also said "the BBC is picking on us and making us seem like a bad guy!"
This is the sort of condescending "we know best" attitude that makes me cheer on the hackers for a change.
I hope VW gets reamed by thefts and lawsuits. Fucking assholes.
Weird, that. I have it on VERY good authority (think high level insider) that Audi actually has special proxies in place for all that traffic to protect privacy (and has for years, it's not even a new idea), so I'm a bit surprised that VW would somehow use a lesser approach. Maybe you were talking to UK people who didn't bother calling Germany but just gave you the weirdo treatment - I've had that attitude from a few companies so it would not surprise me in the least.
Germany is fairly hot on privacy, probably more so than on emission cheats..
The way Audis are driven, the drivers probably need to hide their identities.
So they're the new BMWs. And? From an engineering perspective they're quite well done, so if I wasn't planning on buying a Range Rover, Audi would be my second choice. I just wish Tesla's looked better, they strike me as the ideal city car.
> (Audis) From an engineering perspective they're quite well done
Au contraire - any car that needs about a pint of oil a month[1] isn't 'well done' - it's crap. None of the cars I've owned have used that amount (not even the Rover Sterling - mind you, that had a 2.7V6 Honda engine). Not even my wife's Morris Minor uses that amount and she uses it pretty much every day!
[1] All the company cars my previous place had used oil like it was going out of fashion - the local Audi garage said it was "because of their racing heritage". Tell that to Jaguar, Honda et. al.)
Au contraire - any car that needs about a pint of oil a month[1] isn't 'well done' - it's crap.
I think your local garage needs to be audited if they do their servicing well. I've had Audis for years and I only ever had to add oil once between regular services because I'd done a month worth of German motorways on some project and I gave in to the inevitable temptation that that and a rather enthusiastic V8 under the hood brings (not during peak hours, of course). *Oil* use wasn't a problem, but you don't half burn through fuel when you go fast.
Oil use was an issue about 20 years ago.
If this were a plot element in a movie, it would be hilarious. I'm picturing Seth Green pushing a button, and all the cars within 10 city blocks unlock, and all their doors fly open.
Then a parade of Mini Coopers filled with gold zoom by on the sidewalks or something while the New Yorkers get out of their cars and start swearing at each other.
Good times.
All I can muster is a yawn. I never felt my car was invulnerable to thieves when locked. Pretty sure a Slim Jim will still be the tool of choice for the typical thief. Maybe if I had something really expensive like the R8 I'd be worried about sophisticated thieves using a wireless unlocking hack...
Pretty sure a Slim Jim will still be the tool of choice for the typical thief
I think you'll find that modern designs cater for that.
Maybe if I had something really expensive like the R8 I'd be worried
So you never have to leave anything of any value in the car then ? This isn't about stealing the car (it's already been mentioned that you'd still have the immobiliser system to get around), but about unlocking it. In principle, you could have left the (for example) Christmas shopping in the car while you take a break/do more shopping/have a meal/whatever - and meanwhile someone can come along, unlock the car, take the shopping, and lock the car before they leave. Or you might need to leave the laptop in the boot while you go out for a meal with mates after work. Or ...
like it. it's a beautiful car, sleek figure, 240hp. When I put the foot down, it goes. I like that."
Did you buy the optional indicator add-on system? Unlike the A5 twat on the motorway today who nearly wiped me out when he decided to change lanes without looking or indicating.
Note, only half joking. I drive a *lot* and the vast majority of the twats doing stupid things seem to be Audi, BMW or Merc drivers.
I like it. it's a beautiful car, sleek figure, 240hp. When I put the foot down, it goes. I like that.
Now I learn that any technically-inclined scum can wave a magic wand and I'm losing my car ?
'91 XJS V12HE. 295bhp. It goes well enough (150mph+) if you want it to.
No matter of wand waving is going to make it magically open the doors either.
Matter of opinion of course, but looks better too.
"'91 XJS V12HE. 295bhp. It goes well enough (150mph+) if you want it to.
No matter of wand waving is going to make it magically open the doors either."
Wirelessly opening the doors is easy on pretty much any car I've ever seen. The high-tech solution is called a "brick".
<Insert snide comment about anything having Windows being easy to get into here>
from the motorcylists book
My bike has an immobilizer fitted, wireless transmitter in the key sort of nonsense, but that still does'nt stop me from putting a very solid lock through the front wheel so the bike cant go walkies
Crooklock the steering wheel.... only way to be sure
And car makers.... what was so wrong about having a mechanical lock........................
Once you're in the car, you have all the time in the world to remove a crooklock out of sight of even passers-by. And you can rummage through the glove compartment, nick the radio, etc. in your own time too so it would never be a total loss.
And I've yet to see a single insurer provide a discount for you using Crooklocks or similar. There's a reason for that. Most of them can be opened quite easily so long as there's not a crowd breathing down your neck.
Who's going to stop the bloke sitting in "his" car fiddling with his phone on his lap? Because you'd be hard pushed to tell the difference.
To be honest, the only thing you ever get insurance discounts for are a) parking it somewhere slightly safer the majority of the time and b) putting in an approved tracking device so it can be recovered. Other than that, you're generally wasting your own time and money more than the crook's. A pair of bolt-cutters will cut right through anything you attach to your car (wheel clamps, Crooklocks, etc.).
The biggest hindrance is generally opening the doors quietly, and then starting the engine against all the modern electronics. Everything above and beyond that is really small-fry in comparison.
And in most cases they probably could just walk through a quiet car park, open one in every 10 cars with a gadget like this, and just have a peek in the centre console for change and make enough in 20 minutes to make it worth their while.
I think you'll find that not even Tracking Devices get you an insurance discount these days.
I bought a relatively new SL recently and naturally enquired about adding a Tracker. £750 installation, £100-ish per year, seems expensive. So, I rang around a few insurance companies to find out whether the associated discount would cover the expense.
The result? Zero discount. All of them. So, my current insurer will just have to wear the claim if the car is stolen, as there's absolutely no reason for me to spend my hard-earned...
Anon, obviously ;)
As it has been demonstrated before, VW keys don't need to be hacked because they're transponders. The natural decay of RF energy is their only security mechanism. An analog RF relay will open the doors and start the engine. I haven't hooked up my 'scope to the door yet, but it wouldn't surprise me if it used frequencies compatible with off-the-shelf cable modem range extenders.
You can pull the transponder battery out for security. The driver door has a hidden keyhole and there's a short-range RFID sensor on the steering column.
I put a 'scope on the door handle. Touching the handle emits a coded EM signal in the audio frequency range that the transponder replies to. I was able to activate the transponder from a distance using a crappy old Archer Mini Amplifier (LM386 demo circuit in a box) and a couple of coils as a low frequency signal relay. A Satellite TV amp should be able to relay the return path from the transponder. Add directional antennas and you have an open car.
Considering that you could open a typical 1980s/90s car with a coat hanger and the could be hotwired in about 10 seconds by someone who knew how, I don't think we are really any worse off.
I think though were are going mad on unnecessarily insecure wireless technology just because it's cool looking. I can't really see the great advantage of keyless ignition. At least when you have to insert a key or fob you know where your keys are!
DESPITE being aware of this for at least the 2 years they gagged him?
I'd have hoped they'd have used this time to maybe oh I dunno, recall and fix a chunk of 100 million cars, but failing that at least put a note in PR's calendar to ask them to prepare a statement on "We take security very seriously blah blah".
Repeat after me.
"Security by obscurity is no security at all".
This is despite being quoted £160 this week for a new fob for my i10, which could write off the car as there is a 5% chance of the ECU failing during the creation of 2 new keys which is a £500+ disaster.
I have it on good authority that nefarious folks are also using the well known drill-hole-in-battery method of ruining security, as most cars don't have any protection against this particular threat.
Insurance companies should look for evidence of lead oxide and sulphuric acid residues directly under where a "stolen" car was parked with a multispectral imaging device.
Until people make buying choices based on security then this will continue to be the case.
People might start to care if they understood that but at the moment the sales is done before the individual know their P&J is so easily stolen.
Maybe insurance companies should start assessing the security of cars to decide on the risk of theft and then adapt premiums. If I was an underwriter I would be ramping up premiums on VAG cars until the manufacturer fixed the issue and had it independently tested.
Really high insurance helped kill the hot hatch for a while until security got better.
A criminal friend of mine told me how his friends had devices which would disrupted the remote car locks and leave the car open. He also said how they had duplicated the system the dealerships have of replacing lost electronic keys. This is not new but it's interesting that it has been made public.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
