The (In)Security of Automotive Remote Keyless Entry Systems

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
S

slenten

***
Joined
Aug 13, 2016
Messages
4
Location
Minneapolis, MN
Hello everyone,
FYI, here's a link to a PDF of a white paper recently presented at the USENIX Security Symposium. The authors detail the serious vulnerabilities of VW's immobilizer system.

"Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems"
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf
 
slenten said:
Hello everyone,
FYI, here's a link to a PDF of a white paper recently presented at the USENIX Security Symposium. The authors detail the serious vulnerabilities VW's immobilizer system.

"Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems"
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf
Click to expand...

It says they haven't analyzed the Golf 7 versions yet, but they assume....
 
JoulesThief said:
slenten said:
It says they haven't analyzed the Golf 7 versions yet, but they assume....
Click to expand...
Click to expand...

Yes, the Golf Mk 7 was not tested for the study but the authors state:

"Our findings affect amongst others the following VW Group vehicles manufactured between 1995 and 2016. Cars that we have practically tested are highlighted in bold. Note that this list is not exhaustive, as we did not have access to all types and model years of cars, and that it is unfortunately not clear if and when a car model has been upgraded to a newer scheme." (my italics)

"...according to VW Group, this problem has been addressed in the latest generation of vehicles, where individual cryptographic keys are used."

"It is conceivable that all VW Group (except for some Audi) cars manufactured in the past and partially today rely on a “constant-key” scheme and are thus vulnerable to the attacks described in this paper, except for those cars that rely on the latest platform, e.g., the Golf 7 for VW." (my italics)

Perhaps not an issue for the Golf Mk 7 but a serious problem for older VWs using RKE schemes VW1 - VW4.
 
There is a similar story in Wired that describes the HiTag2 security method and the fact that the chipmaker NXP has been recommending customers (automakers) upgrade to newer systems since 2009.
They say that only the most recent VW Golf 7 model and others that share its locking system have been designed to use unique keys and are thus immune to the attack.
Click to expand...
So, it seems that the e-Golf should be immune to this particular attack vector.
 
You must log in or register to reply here.

Latest posts

Back
Top