Earlier this week, it was revealed that researchers at the University of Birmingham had cracked the (rather poor) encryption scheme used by millions of Volkswagens for their remote unlock key fobs. That’s not good. But what’s also not good is that it’s not really new, and that it’s not limited to VW.
In the VW attack, the researchers were able to extract a cryptographic key that is one of four shared across tens of millions of Volkswagen cars. Then, they were able to eavesdrop on remote-control signals sent by a key fob. Once they’d intercepted enough signals from the key fob, they were able to replicate it and unlock the car doors without ever once touching the vehicle’s key fob.
There’s another attack that the researchers revealed that found flaws in the HiTag2 cryptographic scheme, used by a number of brands for two decades. That allowed them to replicate a key by intercepting eight button presses from a fob. All this is disturbing, especially since a car is the second-largest purchase most of us will make in our lives after a house.
they could unlock the car doors without ever once touching the vehicle’s key fob
On the plus side, both these vulnerabilities won’t allow thieves to actually drive away with your car because they have immobilizers built in — but at the same time, Volkswagen’s immobilizers aren’t foolproof either.
But key fob vulnerabilities aren’t new. Last year, Nick Bilton of The New York Times shared a story of his Toyota Prius getting broken into several times in the span of a few weeks. It turned out to be a device that can amplify the signal used to check if a key fob is in range when the door handle is pulled. Many cars have such a system, allowing drivers to unlock and enter their vehicles with the key in their pocket, untouched.
It works by sending a signal from the car to the key fob, to see if it’s in range (usually within a few feet of the car). The vulnerability comes from a device that amplifies that signal to make the car think your key is next to it, when it is actually hundreds of feet away (like in your house).
Bilton decided to put his keys in the freezer, which acts as a Faraday cage and prevents the signal from reaching it at all. Another solution is to keep keys in a $1.50 RF-proof bag that blocks the signal, as demonstrated in this video by antenna expert Spencer Webb of AntennaSys:
So, in other words, if you have a car with remote entry, it’s probably vulnerable to some sort of attack. It’s bad, and car companies should be worried about it, but there’s not much you can do about it (other than keeping your keys in a bag). It basically depends on how paranoid you are, and where you live. If you are in a busy city like Bilton, and there are frequent car break-ins in your area, it might be a worthwhile precaution. On the other hand, if you live in the middle of nowhere like I do, it’s not something you really need to worry about.
"I lose little sleep over it," said Webb to The Verge. He’s a pretty pragmatic guy and an expert in the field, so if he isn’t worried, you probably don’t need to be either. That said, you should probably make sure you have auto insurance that covers theft.