London - Tens of thousands of cars are vulnerable to thieves using electronic hacking, according to researchers whose findings were suppressed by a major manufacturer for two years.
The full details of the security loophole, which can now be revealed, show a widely used electronic security device designed to prevent thieves from breaking in and driving off with vehicles could easily be disabled by criminals.
Most modern cars cannot be “hot-wired” as they are powered by electronics. But organised criminals are finding hi-tech new ways to take control of vehicles. The problem is acute in London, where four out of 10 car thefts feature electronic hacking.
Three university researchers from Britain and Holland discovered that immobilisers fitted to more than 100 car makes had weak security that could be defeated - in some cases within a few minutes. But when they tried to publish their findings, Volkswagen took High Court legal action to stop them.
Critics claim the move could have a “chilling effect” on security research in the UK but VW defended it, stressing the firm went to “great lengths” to prevent “unauthorised individuals [gaining] access to our cars.”
The researchers, Birmingham University's Flavio Garcia and Roel Verdult and Baris Ege, from Radbound University in Nijmegen, fought the ban, saying they identify security flaws so they can be fixed. They said their research started after police claimed cars were being stolen “and nobody can explain how”.
WHY THEY WERE SILENCED
Despite this a High Court judge agreed to the ban - saying he believed publication would “facilitate car crime”.
The researchers denied their paper teaches people to steal vehicles, and argued that the ban on publication denied the car-buying public crucial information about the security of their vehicles.
Following more than a year of negotiations between the academics and VW, the full details have now been published. The researchers say only one sentence has been removed from the original research. It reveals how they identified “several weaknesses” in a Swiss-made security device called a Megamos Crypto system.
The device is used by a total of 26 car manufacturers including Audi, Fiat, Honda, Volvo as well as Volkswagen. Many top-range brands including Bentley, Ferrari, Porsche and Maserati are among those known to use them.
The manufacturer of the system claims to have sold over 100 million radio frequency identification chips which are designed to verify the identity of the ignition key being used to start the car engine. If thieves get into the vehicle without the right key, the engine should refuse to start.
SECRET CODE
The researchers showed how it was possible electronically to listen to signals sent between the security system and the key fob. By doing this, they were able to discover the vehicle's secret code within 30 minutes.
The academics warn the security devices were vulnerable to “close-range wireless communication” attacks and said situations such as valet parking and car rental where attackers could have access to both the immobiliser and the keys were a particular danger. They recommend the car industry use more sophisticated systems which are harder to defeat.
The researchers say they believe that some modifications have now been implemented on new models.
According to industry experts, the security flaw could cost manufacturers millions to fix. The radio frequency identity chips in the key fobs - as well as the equipment that responds in the engine starting system - will both require re-engineering or replacing.
A spokesman for Volkswagen said: “Volkswagen has an interest in protecting the security of its products and its customers. We would not make available information that might enable unauthorised individuals to gain access to our cars. In all aspects of vehicle security, we go to great lengths to ensure the security and integrity of our products against external malicious attack.”
The RAC says electronic security has led to a dramatic improvement in levels of car theft, which has fallen 70 percent in the last 40 years.
Last year near 70 000 cars were taken in the UK. Experts warn that the overall decrease hides a spike in electronic keyless thefts.
HOW THE SCAM WORKS
The Megamos Crypto immobiliser is designed to stop a thief breaking in and “hot-wiring” a car. A device called a transponder in the key fob sends an identification code to the immobiliser informing it the correct driver is present.
Scammers overcome this by electronically eavesdropping on the key fob signal and then using a commercially available computer programme to analyse it and emulate it. The immobiliser then decodes the signal and, if it is correct, starts the engine.
Researchers found the chips use relatively simple encryption. By listening to them talk to each other twice, anyone could quickly discover the pattern and copy the key.
THE MODELS AFFECTED
Volkswagen’s vehemence in defending the security of its vehicles appears to be paying off. The theft of VW models in the period 2010-2014 reveals a 44 percent fall from nearly 3800 vehicles stolen to 2260. Their determination to stop details about flaws in the Megamos security system becoming widely known could also be linked to the fact it has installed the chip in more than 26 VW models ranging from the popular Golf to the Passat, Tiguan and Transporter models.
The same system has also been fitted to Audi, a VW subsidiary, where it was fitted into cars ranging from the A1 to the racy TT. It was also used by another VW subsidiary, Skoda, where it was fitted to more sedate models such as the Fabia, Octavia and Yeti and its Spanish-built Seat range including the Leon and Altea cars.
The German car giant also put them in its upmarket Porsche models where they are known to be fitted to 911 models as well as the Boxster.
Japanese car maker Honda has used them in versions of the big selling Accord and Civic as well as the more recent Jazz model.
The Ferrari California and Masarati Quattroporte also feature the same chip.
The Independent