100 million Volkswagens at risk with new wireless key hack

With $40 worth of parts and a bit of reverse-engineering know-how, you can enter nearly every Volkswagen sold over the last 21 years.

Andrew Krok Reviews Editor / Cars
Cars are Andrew's jam, as is strawberry. After spending years as a regular ol' car fanatic, he started working his way through the echelons of the automotive industry, starting out as social-media director of a small European-focused garage outside of Chicago. From there, he moved to the editorial side, penning several written features in Total 911 Magazine before becoming a full-time auto writer, first for a local Chicago outlet and then for CNET Cars.
Andrew Krok
2 min read
Nick Miotke/Roadshow

Volkswagen's diesel issues are costing the company money and market share, but it doesn't affect VW's entire lineup. However, a new hack from researchers could compromise the security of approximately 100 million Volkswagens, going as far back as 1995. If you ever said, "Hey, it can't get much worse for VW," you might want to rethink that.

The hack comes from researchers at the University of Birmingham and a German engineering firm, Wired reports. The hack involves using radio hardware to intercept a signal from a wireless key fob. Those signals can be used to create a clone of the key that will allow the vehicle to be opened. It can be done with an Arduino board with a radio receiver, which would cost about $40.

The researchers discovered this method after reverse-engineering a specific Volkswagen component. They were able to extra "a single cryptographic key value shared among millions of Volkswagen vehicles," Wired wrote. Intercepting a single key press is all it takes to give researchers what they need to clone the key. A thief would need to be within about 300 feet of the vehicle, and that cryptographic key is not shared across ­all Volkswagen vehicles, but the sheer scope of this hack is fairly ridiculous.

"Volkswagen takes the security of our customers and their vehicles very seriously," the company said in an emailed statement. "Volkswagen is in contact with the academics mentioned and a constructive exchange is taking place. We agreed that the authors would publish their mathematical-scientific findings, but without the sensitive content that could be used by accomplished criminals to break into vehicles. The findings obtained will serve to further improve the security technology."

Those researchers are also set to debut another hack, which affects millions of vehicles in its own right. That one covers multiple automakers, though, including Alfa Romeo, Fiat, Ford, Mitsubishi and Nissan. This one is somewhat trickier, involving capturing multiple remote button presses, but it could still be used to gain access to a large number of vehicles.

It's important to note that these hacks only allow access to the inside of the vehicle. They cannot be used to steal the car, but getting inside could allow thieves to put the car in neutral and roll it onto a flatbed for a quick getaway.

Update, 3:32 p.m. Eastern: Added manufacturer comment.

Watch this: AutoComplete: Audi refreshes its smallest sedans, A3 and S3