Volkswagen has come under fire over the last few days for vulnerabilities uncovered in its remote locking system, but most other manufacturers almost certainly have the same weaknesses.
This is one of the findings from a paper presented at last week’s Usenix conference by Flavio Garcia, David Oswald and Pierre Pavlides from the School of Computer Science at Birmingham University and Timo Kasperz, from Kasper and Oswald.
The researchers performed a case study on the security of keyless entry systems of most VW Group vehicles manufactured between 1995 and today, finding that they can be cloned to allow unauthorised access.
They also described the Hitag2 rolling code scheme used in vehicles made by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford among others in detail.
The team found that the cryptographic key for this scheme could be recovered and the remote control cloned.
“Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles,” the team states.
The researchers point out that there are several methods whereby access to vehicles can be gained, from remote jamming to being able to open vehicles then lock them afterwards.
The paper presented at Usenix was titled: “Lock it and still lose it – on the (in)security of automotive remote keyless entry systems”.