Hackers Crack Key-Fob Encryption Used by More Than twenty five Automakers

Modern transponder-equipped car keys are supposed to be ultrasafe: The chip-keys and key fobs communicate with readers inwards the car, permitting the car to embark only once a secret digital password has been transmitted. But a team of security researchers says they’ve figured out a way to circumvent the system used by some of the world’s largest automakers—and that Volkswagen Group used a lawsuit to keep their findings from going public for more than two years.

London’s Daily Mail reports that three researchers have found a security loophole in the Megamos Crypto transponder, the in-car electronic device that confirms the key or keyless transponder present inwards the car is genuine before permitting the car to begin. Megamos Crypto transponders are found in numerous models from Audi, Honda, Volkswagen, Volvo, and many other carmakers.

List of vehicles affected by the Megamos Crypto hack. Models listed in bold were tested by the researchers; the rest were extrapolated since they utilize the affected electronics.

As the Daily Mail explains, the system is supposed to be uncrackable: the 96-bit code exchanged inbetween the key and vehicle means there are “innumerable billions of possible combinations,” making a random guess virtually unlikely. But the hackers discovered that by listening in to the radio communication inbetween the key and the car just twice, they were able to narrow down the number of guesses it would take to crack the code to just 196,607 attempts. For a computerized “brute force” system, which the hackers were able to build, such a feat could take less than thirty minutes—and once the decent code is found, making a duplicate key that works just like the original is effortless.

“It’s a bit like if your password was ‘password,’ ” Flavio D. Garcia, one of the researchers, told the Daily Mail.

The researchers introduced these findings in a paper and a lecture at the Usenix digital-security conference in Washington, D.C., last week. But they very first found the vulnerability in the system all the way back in 2012. Why did it take so long for the discovery to go public? When the researchers very first discovered the fault, they went to Megamos with their findings, suggesting to keep their discovery private for nine months while the Swiss chipmaker found a solution. But in 2013, the Daily Mail reports, Volkswagen sued the researchers individually, and the universities that employ them, to block them from publishing their findings.

The settlement that ultimately led to the research being published hinged around a compromise: The researchers agreed to omit one crucial line from their paper, “a pivotal detail which could permit a non-technical person to work out the hack,” the Daily Mail reports. Volkswagen told the paper that the hack takes “considerable sophisticated effort” and that its latest cars aren’t vulnerable.

This hack was exposed on the high-heeled shoes of research by ethical hacker Samy Kamkar, whose RollJam device can crack the code used by some of the most popular keyless-entry remotes and who built a hand-held device that was demonstrated to remote-unlock and begin any vehicle connected to the OnStar smartphone app. GM says it has since immovable the loophole that permitted the latter hack.

Related movie: