Tuesday, August 18, 2015

Hackers reveal flaw in over 100 cars kept secret by Volkwagen for 2 YEARS: Bug can be used to unlock everything from a Kia to a Lamborghini

The list of impacted cars that use the Megamos tranpoder (pictured) includes vehicles from Volkswagen's Porsche, Audi, Bentley, and Lamborghini brands. 

Researchers hers have revealed a massive flaw in the remote controls used in hundreds of cars - and say Volkswagen and other manufacturers went to court two years ago to keep their discovery a secret.

Three European computer scientists say they have known about the flaws since 2012, and warned automakers.

The list of impacted cars includes vehicles from Volkswagen's Porsche, Audi, Bentley, and Lamborghini brands.

However, Volkswagen used its lawyers to keep the research under wraps until......
now, when a legal settlement allowed the documents to go public.

The researchers say the flaw is in the encryption between car and remote in a widely used Megamos Crypto transponder.

The transponder includes a 96-bit secret key, proprietary cipher, and 32-bit PIN code, but the researchers realized that its internal security was actually weaker.

'The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers,' the researchers wrote.

'It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. 

'At some point the mechanical key was removed from the vehicle but the cryptographic mechanisms were not strengthened to compensate,' the researchers wrote.

A hacker could become a valet driver and steal a fleet of cars, or steal a rental long after returning it using the flaw, it is believed.

The flaw was discovered by Garcia, as well as BariƟ Ege and Roel Verdult of the Radboud University Nijmegen in the Netherlands.

The list of affected cars included several models made by Audi, Fiat, Honda, Kia, Volkswagen, Volvo and many others.

They all rely on chips made by EM Microelectronic in Switzerland.

Researchers broke the transponder's 96-bit cryptographic system, by listening in twice to the radio communication between the key and the transponder.

This reduced the pool of potential secret key matches, and opened up the 'brute force' option: running through 196,607 options of secret keys until they found the one that could start the car. It took less than half an hour.

Researchers presented their findings on Wednesday at the Usenix conference in Washington, D.C.

They say they gave the Swiss chip maker nine months to fix the problem in late 2012 before they would go public with their discovery.

Culled - Dailymail

Drop a comment.....thanks!

No comments:

Post a Comment