This is a flaw that could further penalize Volkswagen, which already struggles to come out of disappointments fixing scandal diesel engines. A study that has just been presented by scholars at a security conference in Austin (Texas) ensures that most of the vehicles produced by the group last twenty years can be unlocked without a key. Researchers point to the vulnerability of remote opening control system: they believe that it is possible to create a “Remote clone of a vehicle VW group” by intercepting data transmitted by the doors lock when the farm owner or opens his car.
The team of four experts was first managed to capture data transmitted by the remote control with a small radio module (sold commercially). First discovery: these data are readily decryptable – if at all encrypted on models dating back fifteen years. Second discovery: the “master key”, the receiver of data installed in the car, which thus controls the opening of doors, … is actually identical on different vehicles of the Volkswagen Group (Audi, Seat, Skoda .. .). A “cloning” of the electronic remote control and opens at will any car – from a non-exhaustive list of models quarantine. According to experts, up to 100 million group vehicles could be affected.
Renault-Nissan and PSA concerned
pushing their research, the researchers used the same method to break into vehicles of other brands: Fiat, Citroen, Dacia, Renault, Nissan, Opel, Ford … This time, it took them perform additional manipulation to bypass a bit more advanced security systems. But they still managed to crack the cryptographic algorithms HiTag2 system, common to all these brands.
Their findings are potentially explosive. Certainly, the technique is not within the reach of anybody thief. But they believe the accessible enough to be reproduced method. It could explain several car thefts recorded lately: thirty Jeep may have been stolen in Texas with this kind of piracy, while German police suspect the process of being used there is little in Germany
VW alerted as soon as November 2015
Asked PSA indicates be currently investigating internally on these potential security breaches . Volkswagen, which has acknowledged the existence of vulnerabilities, is particularly vulnerable. These revelations underscore the limits of hollow VW production model. The group in fact based its growth – which has brought it to the rank of world’s leading manufacturer – on the development of common platforms between its various models. This could explain that the “master key” of its cars is the same for all its brands. And the German manufacturer can not feign surprise: Flavio Garcia, one of the authors of the study, co-authored a first survey in 2012, which clearly pointed security vulnerabilities. This researcher from the University of Birmingham warned VW, which in turn … had done everything to prevent the publication of its report.
No grudges, man (and his associates) again sought VW officials, met in November 2015 and then in February. “The group acknowledged vulnerabilities” , they wrote in their report, saying they did not give any details on hacking techniques for safety
. <- status: non-registered -> <- tpl_article / bloc_servitiel_nl ->
<- /! tpl_article / bloc_servitiel ->
No comments:
Post a Comment