CIO

Hack to steal cars with keyless ignition: Volkswagen spent 2 years hiding flaw

Volkswagen sued researchers for two years to keep them from revealing security vulnerabilities in keyless ignitions; the flaws make the vehicles easier to steal.

Supposedly you could become a “keyless” car thief capable of stealing Ferraris or other high-end cars with keyless engine start functions such as those in Audi, Fiat, Honda, Volkswagen and Volvo vehicles if only one sentence had not been omitted from a research paper. That deleted sentence was the end game for three security researchers who have been gagged for two years about a flaw in keyless cars.

Most people have a “dream” car which they would own if money were no object. Mine is a Tesla S P85D with a hardware upgrade so it would include a “Ludicrous” mode making it capable of doing 0-60 in 2.8 seconds. “It’s faster than falling,” explained Tesla CEO Elon Musk. “It’s like having your own private roller coaster.”

For some people, a high-end Volkswagen, a Porsche or a Lamborghini is their dream car and they actually own one. Those are the types of luxury vehicles that high-tech car thieves get “orders” for and then steal. Volkswagen should be ashamed of funneling its money and resources into gagging security researchers for two years instead of fixing a flaw in high-tech keys that thieves could exploit to steal high-end cars.

Responsible disclosure

Three researchers uncovered flaws in the RFID Megamos Crypto transponder found in keys and key fobs; it’s supposed to stop an engine from starting without the transponder being near the vehicle.

[Image: Megamos Crypto transponder in a car key. Credit: Roel Verdult, Flavio Garcia, and Baris Ege]

They took their findings about the weaknesses in the cryptography and authentication protocol to the Swiss manufacturer of the chip in February 2012, giving them nine months to fix the flaw; then they took their research to Volkswagen in May 2013. They had planned to present their research at USENIX 2013, but Volkswagen argued its vehicles would be at risk of theft and filed a lawsuit to block the paper from being published.

Although the code had been available on the Internet since 2009, the UK High Court of Justice awarded an injunction that prohibited the authors, their institutions, and anyone else who might assist them from publishing the research. The British court wrote, “I recognize the high value of academic free speech, but there is another high value, the security of millions of Volkswagen cars.”

So much for doing the right thing by responsibly disclosing the security flaw.

Make and model of cars at risk

“The Megamos,” according to Bloomberg, “is one of the most common immobilizer transponders, used in Volkswagen-owned luxury brands including Audi, Porsche, Bentley and Lamborghini, as well as Fiats, Hondas, Volvos and some Maserati models.” The researchers’ paper included a list of vehicles that use Megamos Crypto.

[Image: Vehicles vulnerable to Megamos Crypto wireless lockpicking]

The researchers experimented on and exploited the flaw in the vehicles shown in bold print.

[Image: Vehicles vulnerable to Megamos Crypto wireless lockpicking, part 2]

“This is a serious flaw and it's not very easy to quickly correct.” Tim Watson, Director of Cyber Security at the University of Warwick, also told Bloomberg, “It isn't a theoretical weakness, it's an actual one and it doesn't cost theoretical dollars to fix, it costs actual dollars.”

It’s not like Volkswagen hasn’t recalled vehicles. Volkswagen recalled 420,000 cars last week due to potentially faulty front air bags. If air bags won’t deploy in a crash, then people can die. Does it take the threat of death for Volkswagen to recall its vehicles? It seems like it’s too bad, so sad if the problem deals with merely having the high-end vehicle stolen.

What freaked Volkswagen out was that the researchers accessed the transponder’s 96-bit secret key and then they were able to start a keyless car in half an hour. The chips use outdated encryption and the researchers were able to listen “twice” and then make a copy of the key and chip. Researcher Roel Verdult told CNN Money, “You would expect that expensive cars used the better alternative.” Researcher Flavio Garcia added, “It's a bit like if your password was 'password'.”

Since the attack requires eavesdropping twice on the radio exchange between key and Megamos Crypto system, it sounds similar to Samy Kamkar's RollJam, which jams the airwaves while a car owner is pushing the “lock” or “unlock” button on his or her key fob and grabs the rolling code sent by the key; when the car owner hits the lock button again, RollJam jams again and grabs the second rolling key. Kamkar said, “If you’re using a remote to unlock your vehicle, then you’re vulnerable.” The $32 RollJam device works on most garage door openers as well as electronic locks on Nissan, Cadillac, Ford, Toyota, Lotus, Volkswagen, Chrysler, Daewoo, Fiat, GM, Honda, Volvo, and Jaguar vehicles, plus Cobra and Viper alarm systems.
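
A simplified model of why a rolling code captured during jamming stays usable against a counter-only receiver, and how a receiver-issued challenge changes the outcome. This is an added example, not code from the researchers, Kamkar or any vendor; the HMAC-based code, the 16-press window, the key and every name in it are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # constructed secret, not a real fob key
WINDOW = 16                    # assumed look-ahead window of accepted counters

def mac(data: bytes, key: bytes = KEY) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def rolling_code(counter: int) -> bytes:
    return mac(counter.to_bytes(4, "big"))  # code for the counter-th press

class CounterReceiver:
    """Counter-only receiver: any unseen code inside the window is accepted."""
    def __init__(self):
        self.last = 0
    def accept(self, code: bytes) -> bool:
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(code, rolling_code(c)):
                self.last = c  # this code and every older one is now spent
                return True
        return False

class ChallengeReceiver:
    """Contrast: the receiver issues a fresh single-use nonce per attempt."""
    def __init__(self):
        self.nonce = None
    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce
    def accept(self, response: bytes) -> bool:
        nonce, self.nonce = self.nonce, None
        return nonce is not None and hmac.compare_digest(response, mac(nonce))

def jammed_code_outcomes() -> tuple:
    """Presses 1 and 2 are jammed, so the receiver never hears either code."""
    rx = CounterReceiver()
    recorded = rolling_code(2)
    first = rx.accept(recorded)   # still unused from the receiver's view
    second = rx.accept(recorded)  # spent once the receiver has seen it
    return first, second

def recorded_response_outcomes() -> tuple:
    rx = ChallengeReceiver()
    recorded = mac(rx.challenge())  # fob's answer to one challenge
    first = rx.accept(recorded)     # legitimate use
    rx.challenge()                  # a later attempt gets a new nonce
    return first, rx.accept(recorded)
```

The counter-only receiver has no way to tell that a code was transmitted earlier if it never heard it; binding each response to a receiver-chosen nonce removes that gap, at the cost of requiring a two-way radio link in the fob.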

Two years of negotiations between the researchers and Volkswagen passed, during which keyless entry systems have been targeted by other security researchers and the Metropolitan police said, “Last year, over 6,000 cars and vans across London were stolen without the owners’ keys. That is an average of 17 vehicles a day, and represents 42% of all thefts of cars and vans.” Finally, two years later, researchers Roel Verdult, Baris Ege, and Flavio Garcia were able to publish and present their research at the USENIX Security Symposium…after redacting just one sentence.

Maybe you could have become a high-tech car thief stealing 126 models of high-end vehicles from different companies if only that one sentence detailing a hacking procedure had not been redacted? Or maybe, during the two years the researchers were gagged, the car manufacturers could have recalled and fixed the Megamos flaw?

You can grab a copy of the formerly suppressed research paper “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer” (pdf) that was presented at USENIX. After all, the researchers concluded, “The implications of the attacks presented in this paper are especially serious for those vehicles with keyless ignition.”