
A New Wireless Hack Can Unlock 100M Volkswagens - craigjb
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/
======
adrianN
Big hardware companies like VW seem to still focus on "security by obscurity",
because they're not used to a connected world with plenty of attackers with
lots of free time on their hands.

I'm quite worried about the future of networked cars.

~~~
AWildDHHAppears
Nobody (including me!) expected extremely cheap software-defined radio
transmitters and receivers to be available. A short key and a rolling code
seemed like a good enough obstacle for a door lock 20 years ago.

~~~
makomk
I don't think this actually needs fancy software-defined radio hardware. That
looks like a cheap, generic 315/433MHz ASK receiver for the keyfob, and those
have been widely available for decades. They're essentially what you'd find in
the car side of a remote-unlock system, or in most bargain-basement RF remotes
of any kind.

~~~
AWildDHHAppears
Yes, but SDR allows for the quick and easy experimentation, even if the hack
ends up being implemented on other equipment.

~~~
seanp2k2
The other aspect that makes SDR so appealing is wiring up software blocks in
GNURadio that used to be implemented in hardware. This drastically reduces the
testing cycles and lets you basically guess, measure, and muck around until it
works.

------
bArray
Would just like to add that some of the security issues are to do with
limitations set by governments. I think China and the US in particular insist
on crappy security and it's cost effective to simply apply that everywhere
else. Forbid anyone have something a government can't pry into...

I think for car manufacturers, they are limited to 128 bit encryption and cars
only have to stand up to about 15 minutes of hacking - that last one isn't
particularly well defined either.

~~~
maccard
Have you got a source for either of your claims?

~~~
bArray
The other might be an unwritten rule in the automotive industry. They just
hire a bunch of hackers and make sure it stands up to 15 minutes.

~~~
maccard
> might be an unwritten rule that's not a source, or even anything close to
> it. Purely hearsay.

> They just hire a bunch of hackers and make sure it stands up to 15 minutes.

Stands up to 15 minutes of what? Smashing the side window with a crowbar?
Angle grinders through the driver side door? Who hires them? What sources do
you have that say this? You seem very authorative in this thread, yet have
nothing to support your claims.

~~~
bArray
"You seem very authorative in this thread, yet have nothing to support your
claims." \- Unfortunately, I can't back my credentials because of the stuff
I've work/ed on. I can say it was a US company involved in automotive parts.

"Stands up to 15 minutes of what? Smashing the side window with a crowbar?
Angle grinders through the driver side door?" \- Exactly the point I was
making. They just hire a random number of hackers (not random obviously, but
probably not much research into what is truly sufficient either) and leave
them alone with the system for a few days to see if they can do anything to
it. If nothing happens they get a pass. It was literally a case of getting a
tick in the right box.

"Who hires them? What sources do you have that say this?" \- The place I
work/ed.

I need to see if the specification are public. I checked with an old colleague
and they weren't sure if they published them - so they are now checking
themselves. They agree that it was Government defined, but now I'm interested
in finding out who else had to adhere to that.

------
mrb
Direct link to research paper:
[https://www.usenix.org/system/files/conference/usenixsecurit...](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf)
Basically VW use the same secret keys to authenticate wireless comms across
millions of cars. They change the key every few years (new car platforms,
etc).

------
jacobsenscott
A legit service would be to replace lost keys for a few bucks rather than the
$100's a dealer charges for one key.

~~~
willempienaar
I'm in exactly this situation. Had my VW's key stolen, and now they are asking
$200 for a replacement.

It's easy to get a replacement key, but you need VW to program it. Hopefully
that process becomes public.

~~~
TwoBit
Many cars' keys can be programmed without the maker, at least if you have a
copy of the original key. And you should always have two keys, lest you lose
one.

~~~
willempienaar
Unfortunately I don't have another electronic key.

My model (2013 Polo Vivo Blueline) came with one electronic key/remote, and
one mechanical key. So I can buy another electronic key, but I can't use the
remote without VW programming it.

~~~
wyager
Are you absolutely sure? The vast majority of cars have a way for you to re-
program keys, key fobs, etc. provided you have at least one master (not valet)
key available. You may have to look in weird corners of obscure forums, but
you can probably find the procedure. I did this recently in my car and it
involved pushing the brake pedal 8 times, accelerator 7, turning the wheel
left-right-left, etc. It sounds like a ridiculous wild goose chase, but this
is the sort of thing you can expect from car manufacturers.

~~~
ams6110
Ford requires TWO working keys to progam a new one in the car.

------
helthanatos
Silly silly car manufactures that leave the car systems vulnerable in almost
every way because they can't think far enough ahead to actually be secure
before having "cool" things like button less key fobs and button starts.
Seriously... Why do so many people not care about security?

~~~
micaksica
> Why do so many people not care about security?

Security costs money.

~~~
helthanatos
Security really doesn't cost much. To constantly maintain the best security
does cost, but this is about something that they could have avoided with the
tiniest bit of thought. Their simple approach of "it's secure as long as no
one knows how to break in" is annoying and whether it affects many or not, it
is about the possibility of bad things happening. GTA isn't thought of as a
big crime for some reason and it can cost the owner a lot. It would be nice to
think my car had someone make sure that trivial snooping would not allow
access to the car or that my car's head unit cannot control other parts of the
car such as breaks and steering.

------
dingo_bat
So how do you make something secure when attackers have physical access for
hours? I think cars cannot be perfectly secure like we expect computers to be
purely because we don't leave our computers unattended for hours in public.

~~~
slavik81
I'm curious how secure physical car locks are for comparison. Bike locks and
house locks are not particularly effective against skilled attackers. They
exist mostly to stop the stupid and opportunistic.

~~~
ams6110
Car locks are as secure as the pane of glass just above them.

------
kowdermeister
Thank you Volkswagen, technology, hackers, crackers and everybody involved
that I can read titles like this that would totally fit into a 1999 sci-fi
movie about the near future :)

------
wckronholm
These security issues are not exclusive to computer systems in cars. A valet
recently used my physical car key to unlock a different car. (Same make,
different model.) He only realized he was in the wrong car when the ignition
wouldn't turn.

------
akerro
[https://twitter.com/internetofshit](https://twitter.com/internetofshit)

