That anti-theft device might not make your automobiles as safe and secure as you might think, according to a newly-released study from Dutch researchers which claims that units made by 26 different automotive companies as “weak” and vulnerable to “trivial” attacks.
According to BBC News, study authors Roel Verdult, Flavio Garcia, and Baris Ege of Radboud University in Holland looked at the encryption system used by the Megamos immobilizer used by Porsche, Honda, and Volkswagen. They discovered that the systems are easily cracked, allowing potential thieves to make off with our vehicle.
Ideally, these systems prevent a car’s engine from being started unless the key with the correct radio chip is nearby. However, the researchers learned that by monitoring the data transmission between the car key and the anti-theft system only a few times, they could determine the secret cryptographic key used to scramble the information being sent and received.
In just 30 minutes, the researchers were able to discover which key was being used, and they claim that many automotive companies use extremely weak secret keys that could be found in only a few minutes using a laptop.
Easy to crack but hard to fix
Furthermore, the BBC said that the researchers had originally released their findings three years ago, but legal action by Volkswagen and French defense group Thales prevented publication of their paper until it was edited. Those restrictions have now been lifted.
Verdult, Garcia and Ege explained that it will not be easy to fix this issue, either. Correcting the flaws in the cryptographic system used for in data transfer process will require replacing both the radio chips used in the keys and the corresponding hardware in affected vehicles.
They also said that they had shared their findings with carmakers, and that measures were being taken to prevent some of the attacks from working. Previously, these systems were also found to be vulnerable if the chip signal on the key was boosted using an amplifier, BBC News said.
The study comes after several other security researchers have uncovered ways to hijack in-car computer systems, including one flaw that can disable cars simply by sending a text message to a specific onboard modem. In one demonstration, security researchers were able to hack a Chrysler Jeep from several miles away by accessing its onboard infotainment system.
(Image credit: Thinkstock)
Comments