The auto world has been thinking a lot about hacking lately. For years, it wasn’t much of a concern, but now that many new cars are connected to telematics networks like Uconnect and OnStar and to cellular networks via dongles attached to their onboard diagnostics ports, our rides are becoming increasingly vulnerable.
As proof, consider recent stories about Volkswagen (including Audi and Porsche), BMW, and Mercedes-Benz. We have a feeling that this is just the tip of the proverbial iceberg.
Volkswagen’s story is perhaps the more troubling, and it’s definitely the harder to repair. That may explain why the automaker spent two years trying to hide the information from the public.
VW’s vulnerability is rooted in radio-frequency identification (RFID) chips manufactured by Megamos Crypto. Those chips help keep VW vehicles locked up tight and prevent them from starting without the proper key fob.
Unfortunately, at least one team of researchers has broken Megamos’ cryptographic system, making it possible to carry out brute force attacks on vehicles equipped with the chips. Brute force attacks are basically automated trial-and error attempts to break through security walls. They can take time, sifting through all the possible combinations of “passwords”, but eventually, they find a way through.
How much time do they need? Researchers Roel Verdult, Baris Ege, and Flavio Garcia rammed through one of Megamos’ chip systems in about 30 minutes.
On the upside, that’s a long time for just one break-in. For most thieves, the return isn’t worth that kind of effort or risk.
On the downside, plenty of luxury vehicles like Bentleys and Lamborghinis use Megamos RFID chips, and those cars are often targeted by car thieves looking to steal very specific vehicles. In such cases, 30 minutes is nothing, given the cash that thieves can score in exchange for a boosted ride.
Also on the downside: Megamos chips are found in plenty of other cars, too, including some made by Fiat Chrysler and Honda.
But the biggest problem of all is that fixing these systems isn’t just a matter of rewriting a few lines of code and sending out an over-the-air update. The chips themselves and the transponders with which they communicate have to be removed and replaced, which is time-consuming and costly.
Volkswagen was told about the problem in 2013 and sued the researchers to keep their findings out of public view. The group has been negotiating with VW for the past two years to publish their work. They’re sharing it this week at a conference in Washington, D.C., with one key sentence redacted.
The problem with BMW and Mercedes-Benz vehicles is just as dangerous — maybe even more so — but it’s easier to fix.
It was identified by Samy Kamkar — the same Samy Kamkar who found the hole in OnStar’s RemoteLink app (which has since been patched). That vulnerability could be exploited to give ne’er-do-wells with the right equipment access to a range of GM vehicles, allowing thieves to start, stop, and open the cars.
Read more of the original article in The Car Connection.
