Consumers are familiar with the idea that their computers could be hacked but the chance that their vehicle could be hacked is a fairly new issue to many. That hasn’t stopped the hackers from figuring out ways to take control of vehicles, apparently. A team of researchers from the University of Birmingham, who already showed a vulnerability that allowed hackers to start the ignitions of millions of Volkswagen (VOW3) cars and drive away without a key, has now shown that Volkswagen’s keyless entry system is flawed, too.
Back in 2015, findings from researchers suggested keyless car theft—in which hackers can access a car’s interior and start the ignition without the use of keys—could be done quite easily. That research could have been published two years before it was, but Volkswagen filed a lawsuit to stop publication. In that study, researchers were able to start a car without the proper RFID chip in less than half an hour.
Now, researchers say cars as old as from 1995 could have their keyless entry systems attacked and all it would take is a piece of radio hardware. That means hundreds of millions of vehicles could be vulnerable to keyless hacking. Thieves simply have to intercept the signal from the car owner’s fob and clone the key. And, once they have the cloned key, they can attack the vehicle as often as they want.
“Owners of affected vehicles should be aware that unlocking the doors of their car is much simpler than commonly assumed today,” researchers wrote.
Although it may seem like a problem for the future, reports are already coming in about hackers stealing cars using computers. Houston police recently arrested two suspects who were believed to be involved in the keyless theft of more than 100 trucks and SUVs. The suspects were believed to have used a laptop computer to break into a variety of vehicles, including Jeep Wranglers and Dodge (FCAU) trucks. The vehicles were then transported into Mexico. When they were arrested, the suspects had electronic devices, firearms, and body armor.
The suspects may also have had the help of employees at local dealerships and repair facilities, who may have given the suspects access to keycode databases. With that information, the suspects were allegedly able to reprogram a new keyfob using the vehicle identification number.
In March 2016, the Federal Bureau of Investigation, Department of Transportation, and National Highway Traffic Safety Administration issued a public service announcement about the dangers of vehicles being hacked. In that announcement, the agencies warned about the risk of hackers shutting down an engine, disabling the brakes, and manipulating the steering, among other concerns.
Unfortunately, fixing the problem likely won’t be easy. Car owners can, if they want, use their keys to lock and unlock their doors, getting rid of the fob entirely. In the meantime, experts continue to urge consumers not to leave anything valuable in their vehicle. To avoid other hacking issues, consumers are advised to ensure vehicle software is up-to-date.