Please give me just some seconds of your time and hear me out. Read what i have gt for you here i believe this will help you take precaution. Well as usual team of researchers
from the University of Birmingham, the UK, have discovered two new
vulnerabilities that allow an attacker to create copies of
authentic car
keys used by the Volkswagen Group. The researchers found that, during the past 20
years, Volkswagen has been building remote keyless entry (RKE) systems
that utilized a small number of cryptographic keys to secure the signals
sent from the RKE system to the car.
The researchers say that two vulnerabilities in the
design of car keys from the Volkswagen Group allow an attacker to
intercept these signals, break the decryption, create a clone of the car
key, and use it to steal cars.
Attack is cheap and works from a distance
To perform an attack described by the researchers,
the thief would first need a special device, which only costs around $40
to make, and would need to be within 300 feet (90 meters) of the
targeted car to intercept the encrypted radio signal.
To decrypt this signal, the thief must also extract a
shared cryptographic key that can be found in one of the car's
components. The bad news for car owners is that Volkswagen didn't use
too many of these shared keys, and based on the car make, model, and
year, an attacker would know where to look for.
The thief would have no problem extracting the key
from a car they have legal access to, and then use that shared key on
the car they want to steal. A database of shared cryptographic keys
would be very easy to build this way.
Multiple car brands are affected
The Volkswagen Group owns Audi, Bentley, Bugatti,
Lamborghini, Porsche, SEAT, Scania, Skoda, and the Volkswagen brands.
According to statistics, the Volkswagen group has sold over 100 million
cars in the last 15 years, but more cars may be exposed since the Group
has been providing remote car keys for its products since 1995.
Flavio Garcia, the expert who led this latest
research, is also one of the researchers part of a crew that discovered a
security flaw in one of the components used by the Volkswagen Group's
RKE system in 2013. Back then, the automaker sued the researcher and prevented him from going public with his findings for two years instead of fixing the flaw.
Researchers didn't share the full attack details
This time around, the researchers notified the
Volkswagen Group and a third-party subcontractor about the issues. The
company allowed the researchers to publish their data as long as they
didn't share details that would put customer property in danger.
"[W]e agreed to leave out amongst others the following details: crypto-
graphic keys, part numbers of vulnerable ECUs, and
the used programming devices and details about the reverse-engineering
process," the researchers explained.
Below is an image of the device the researchers used
to intercept radio communications between the RKE and the car. More
technical details can be found in Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems. Hope this information got to you on time, good luck.
Lets Talk About It! Join Me Please
EmoticonEmoticon