Skip to main content

Millions of Cars Affected by Remote Keyless Entry Flaw

Thursday, 11 Aug 2016

IA

Could explain how thieves access locked cars.

British researchers say they have uncovered “severe” vulnerabilities in remote keyless entry systems used by millions of cars worldwide.

The researchers tested the keyless technology used in VW Group cars, which are covered by brands including VW, Seat, Skoda and Audi.

They also looked at a separate system that manages keyless entry for cars made by the likes of Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford “among others”.

Their findings – first reported by Wired - “could explain unsolved insurance cases of theft from allegedly locked vehicles”.

Both technologies the researchers examine are examples of “rolling code” keyless entry systems. These systems create a new cryptographic code every time the remote button is pressed, meaning the same code is never used twice to unlock the vehicle.

“An increased counter value is considered new and thus accepted. A rolling code with an old counter value is rejected,” the researchers said.

The researchers built small transceivers to “eavesdrop and record rolling codes [and] emulate a [car] key” using off-the-shelf components. The total cost of each device was about US$40. ($52).

In the case of VW Group cars, the researchers looked at four variations of rolling code schemes used in vehicles built from around 1995 to today.

They then sought access to the master key used by the cars to decode a signal from a key remote control and determine whether or not it is valid. To do this, they extracted firmware from various internal systems in the cars.

To read the full article, click here.