Thousands of cars vulnerable to keyless theft, according to researchers


The Porsche 911 is one of the models at risk of keyless theft, according to new research

THOUSANDS of cars – including high-end marques such as Porsches and Maseratis – are at risk of electronic hacking, according to computer scientists whose research was suppressed for two years by a court injunction for fear it would help thieves steal vehicles to order.

It highlights a weakness in the Megamos Crypto system, a piece of technology used by big manufacturers such as Audi, Fiat, Honda, Volvo and Volkswagen.
It is supposed to prevent a car engine being started without the presence of a keyfob containing the correct radio frequency identification chip.

However, researchers at Birmingham University and Radbound University in Nijmegen, the Netherlands, were able to intercept signals sent between the chip and the car.

Listening in twice allowed them to use a process of reverse engineering – using a commercially available computer programmer – to identify the secret codes used to start the car.

“This is a serious flaw and it’s not very easy to quickly correct,” Tim Watson, Director of Cyber Security at the University of Warwick, told Bloomberg. “It isn’t a theoretical weakness, it’s an actual one and it doesn’t cost theoretical dollars to fix, it costs actual dollars.”
The researchers identified the flaw in 2012. However, Volkswagen won a High Court injunction preventing its publication a year later.

The motoring giant said the work of Flavio Garcia, at Birmingham University, and his two Dutch colleagues could “allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car”.

In response, the researchers argued a publication ban denied the public crucial information about the security of their vehicles. They were finally able to reveal their results at the Usenix Security Symposium at the weekend in Washington – with a single sentence redacted.

Their paper, “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser”, describes how they began their research when police said they were baffled by rising numbers of “keyless car theft”.

The Metropolitan Police says some 6000 vehicles were stolen without keys last year – almost half of all thefts.
The paper concludes: “The implications of the attacks presented in this paper are especially serious for those vehicles with keyless ignition. At some point the mechanical key was removed from the vehicle but the cryptographic mechanisms were not strengthened to compensate.”

It recommends changing the chip system to one that includes a random number generator making it much harder to use intercepted transmissions to break the codes. -