August 14, 2015
The Volkswagen Auto Group has been one of the top sellers for as long as I can remember. They have always produced a steady stream of cars coming from every part of the auto spectrum, excluding pickup trucks but including lorries. For the first half of 2015 the auto sales throne has been relinquished by Toyota Motor Company to the Volkswagen Auto Group, but there is trouble on the way for the Auto Group: a hack affecting dozens of cars has surfaced.
Megamos Crypto is a subcontractor for an alarming number of automakers; they make transponders for vehicle immobilizers. A vehicle immobilizer is an anti-theft device that requires a key made specifically for the car. The reason is that the key fob houses a transponder that puts out a certain Radio Frequency Identification (RFID) frequency (at least in Megamos Crypto’s case). That frequency tells the car that it is OK to allow the engine to turn on, as opposed to being immobilized if the key is present without the transponder (or more specifically, sans RFID tag).
An RFID tag is not hard to beat per se. In fact, a 24-year-old Spanish hacker was potentially able to ride on the Spanish public transit system for free because of a quick and simple scheme. After a few other easy freebie hacks, Alberto Illera tried a bolder hack. He convinced one of the members of the transportation staff to help him with some frivolous task while wearing an RFID reader hidden in a cigarette pack. In the short span of time that the staffer was in the vicinity of Illera, the hacker was able to copy and clone the frequency. After that he could ride the train and subway free of charge (though maybe not of conscience).
When Megamos Crypto released their immobilizer 20 years ago, it was insect ligaments. It had a huge hand in dropping vehicle theft down to one of the lowest levels, because hotwiring and copied keys were no longer an effective means of Grand Theft Auto. However, as of August 4th, 2013 the company is closer to being Micromos Crypto.
At the 22nd annual USENIX Security Symposium, two researchers from Radboud University Nijmegen presented part of a presentation entitled “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer.” Only a part was presented because Volkswagen AG sued, and the High Court of Justice in the United Kingdom upheld the now throne holder’s plea. But as of yesterday there is trouble on the horizon for more than just VW AG. The list of affected manufacturers is more than a dozen, but highlights include Ferrari, Lamborghini, Bentley, Volvo, and Honda. Micromos Crypto has sold them all affected transponders. Volkswagen’s relationship with the company dates back to 1998.
Now the PowerPoint, meant only to supplement the paper, will accompany it in the first complete (and possibly ruinous) presentation at the 24th USENIX Security Symposium. This means that anyone with a laptop will have all the information necessary to steal thousands of Volkswagen AG vehicles in under 60 seconds… after 30 minutes of prep time. The hack is actually exceedingly easy (as far as hacks go), and dangerous, because it can be done using a simple wireless connection to the car.
The three researchers were able to exploit three separate weaknesses in the system. The first was very similar to Illera’s example, except that instead of one simple skimming attack that read the RFID tag and replicated it, theirs was a little more complicated. It required two eavesdropping traces and much more mathematical coded crypto-cracking, but was essentially the same in concept. The second was done by exploiting the built-in update software and using an emulated responder frequency, to drive away in 30 minutes. The last was the most appalling: a sheer brute force attack on weaklings. The researchers said that some manufacturers’ keys were so weak, they cracked them in a few minutes with a simple laptop.
Now that Volkswagen AG is so exposed on the throne, they will have to recall and replace all the troubling hardware. Poor FCA will have to issue yet another recall. It is the second time in a month that such a glaring hack risk has been exposed on their vehicles.