Lets Talk About: New Discovery, Over 100 Million Volkswagen Group Cars Vulnerable to New Car Key Hack

Please give me just some seconds of your time and hear me out. Read what i have gt for you here i believe this will help you take precaution. Well as usual team of researchers from the University of Birmingham, the UK, have discovered two new vulnerabilities that allow an attacker to create copies of
authentic car keys used by the Volkswagen Group. The researchers found that, during the past 20 years, Volkswagen has been building remote keyless entry (RKE) systems that utilized a small number of cryptographic keys to secure the signals sent from the RKE system to the car.

The researchers say that two vulnerabilities in the design of car keys from the Volkswagen Group allow an attacker to intercept these signals, break the decryption, create a clone of the car key, and use it to steal cars.

Attack is cheap and works from a distance
To perform an attack described by the researchers, the thief would first need a special device, which only costs around $40 to make, and would need to be within 300 feet (90 meters) of the targeted car to intercept the encrypted radio signal.

To decrypt this signal, the thief must also extract a shared cryptographic key that can be found in one of the car's components. The bad news for car owners is that Volkswagen didn't use too many of these shared keys, and based on the car make, model, and year, an attacker would know where to look for.
The thief would have no problem extracting the key from a car they have legal access to, and then use that shared key on the car they want to steal. A database of shared cryptographic keys would be very easy to build this way.

Multiple car brands are affected
The Volkswagen Group owns Audi, Bentley, Bugatti, Lamborghini, Porsche, SEAT, Scania, Skoda, and the Volkswagen brands. According to statistics, the Volkswagen group has sold over 100 million cars in the last 15 years, but more cars may be exposed since the Group has been providing remote car keys for its products since 1995.

Flavio Garcia, the expert who led this latest research, is also one of the researchers part of a crew that discovered a security flaw in one of the components used by the Volkswagen Group's RKE system in 2013. Back then, the automaker sued the researcher and prevented him from going public with his findings for two years instead of fixing the flaw.

Researchers didn't share the full attack details
This time around, the researchers notified the Volkswagen Group and a third-party subcontractor about the issues. The company allowed the researchers to publish their data as long as they didn't share details that would put customer property in danger.

"[W]e agreed to leave out amongst others the following details: crypto-
graphic keys, part numbers of vulnerable ECUs, and the used programming devices and details about the reverse-engineering process," the researchers explained.

Below is an image of the device the researchers used to intercept radio communications between the RKE and the car. More technical details can be found in Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems. Hope this information got to you on time, good luck.

Lets Talk About It! Join Me Please
EmoticonEmoticon