Skip to main content

Secret Volkswagen car hacking research gets released after 2 years

The release of a research paper detailing the security vulnerabilities in many cars, which the car maker Volkswagen has tried to suppress for two years, was published this week with just one sentence redacted.

An injunction from a UK high court was awarded to Volkswagen in 2013 to hold the release of the paper after it sued the hackers, with the car maker claiming that its publication would make it easier for would-be criminals to steal cars made by Volkswagen and other manufactures.

The lawsuit was settled "amicably," VolksWagen said.

The said vulnerability is related to keyless car theft, where hackers are able to affect the Radio-Frequency Identification (RFID) transponder chip used in immobilisers.

In the paper, white-hat hackers detail a flaw with the RFID Megamos Crypto transponder placed in car keys and key fobs which prevents an engine from starting without the transponder within range.

By decoding two transmissions between the key and transponder, the team gained access to the transponder's 96-bit secret key and allowed them to start the car in only half an hour. The incident now accounts for 42 per cent of stolen vehicles in London.

The paper is also being presented at the USENIX Security Symposium in Washington DC this weekend.

VolksWagen, which owns Porsche, Audi, Lamborghini, Bentley and others, said that consumers need not to worry and claims its newest vehicles use the modular MQB platform, which includes cars like the Volkswagen Golf and Audi A3, meaning that the cars are not susceptible to this particular vulnerability.