Dutch researchers: Volkswagen, Porsche car keys easily hacked

By Janene Pieters on August 12, 2015 - 13:45
1280px-2007_Volkswagen_Golf_R32_-_Flickr_-_The_Car_Spy_(13)
Volkswagen (Picture: Wikimedia Commons/The Car Spy). Volkswagen logo (Picture: Wikimedia Commons/The Car Spy)

Volkswagen, Porsche, Bently, Seat and Audi car keys, among others, are easy to hack because the chip in the ignition key and the code in the immobilizer are not programmed properly. This involves the Megamos Crypto chip, which is installed in hundreds of thousands of cars in the Netherlands, and millions world wide.

This is according to research done by the Radboud University Nijmegen, NOS reports. Both the Volkswagen Group and industry association RAI have acknowledged that there is a security issue.

According to the researchers, the chip has a long code, but Volkswagen, for example, only use a small part of that code in the car key. "Since only a small part of the security code is used, the code is actually much easier to figure out than it should be", researcher Roel Verdult said to NOS. According to him, the shorter code can be figured out in about ten minutes with the use of a large computational computer. "If the long code was used in the key it would take years of calculations to figure it out."

In a reaction, the Volkswagen office in Wolfsburg told NOS that the study showed that the immobilizer of older model cars do not have the same safety level as the other cars and that this can not be avoided. "Even with the older models of our product range, of which the authors examined the immobilizer, the car thief needs at least one authorized key and the recording of at least two successful starts. For these reasons, these older cars are in principle protected against theft."

The researchers contacted Volkswagen after they discovered the weak point in the car security system. Volkswagen went to court to block the publication. The British high court ruled that disclosing the weakness would make the theft of millions of cars easier. Volkswagen recently partly lifted this publication ban. "The authors may continue to publish some of their scientific work. Hopefully you can understand that we can not go into further details", Volkswagen reaction reads.

Both Volkswagen and RAI agree that it will be impossible to replace both the key and immobilizer in millions of vulnerable cars.

Tags: