Hackers Crack Key-Fob Encryptions for Audi, Honda, Volkswagen, Volvo & Others
Modern transponder–equipped car keys are supposedly safe, but London’s Daily Mail reports hackers crack the key-fob encryption in the Magamos Crypto transponder used by numerous models from Audi, Honda, Volkswagen, Volvo and many other car makers.
The chip-keys and key fobs communicate with readers inside the car, allowing the car to start only once a secret digital password has been transmitted. The system is supposed to be uncrackable: the 96-bit code exchanged between the key and vehicle means there are “countless billions of possible combinations,” making a random guess virtually impossible.
Hackers Crack Key-Fob Encryption By Listening
Hackers discovered, however, that by listening in to the radio communication between the key and the car just twice, they were able to narrow down the number of guesses it would take to crack the code to just 196,607 attempts. The hackers were able to build a computerized “brute force” system, that narrowed the possibilities and it takes less than 30 minutes to find the code. Once the proper code is found, making a duplicate key that works just like the original is easy.
Is Your Car Potentially Vulnerable To Hackers Key-Fob Attack?
Here is a list of vehicles and models vulnerable to possible key-fob hacks:
Volkswagen Sues To Surpress Hackers’ Key-Fob Encryption Hack
The first found the vulnerability in the system back in 2012. They went to Megamos with their findings, offering to keep their discovery private for nine months while the Swiss chipmaker found a solution. But in 2013, the Daily Mail reports, Volkswagen sued the researchers individually, and the universities that employ them, to block them from publishing their findings.
The settlement that finally led to the research being published hinged around a compromise: The researchers agreed to omit one crucial line from their paper, “a pivotal detail which could allow a non-technical person to work out the hack,” the Daily Mail reports. Volkswagen told the paper that the hack takes “considerable complex effort” and that its latest cars aren’t vulnerable.
For more, see Car & Driver.