Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"There's no quick fix for the problem - the RFID chips in the keys and transponders inside the cars must be replaced, incurring significant labor costs."

What a nightmare. Car manufacturers have to design more resilient systems.

Based on the difficulty to secure hardware systems after deployment, they will be for sure trying to put more and more features on the software-side.

If so, they will also have to think about a quick way to deploy security fixes remotely. One way could be working with connectivity solutions for Embedded Systems (e.g. SigFox).



Well, the advantage of VW is that the car itself is pretty secure.

All messages on the CANBUS are securely signed, there are multiple rings of security where data can always pass only in one direction, etc.

The only thing this exploit enables is that if you already have the car, managed to break the steering wheel lock, managed to replicate the magnetic signature of the key, and managed to start the motor, that you can circumvent the immobilizer that comes after that.

This is a pretty minor flaw compared to the "full control via radio" that competitors had.


Is this a specific feature of VW's implementation of CAN? CAN in general (at least not in 2007 when I last worked in the industry) is not secured. The only real security once you had access to the CAN bus were the separate rings (although several modules bridged). You probably couldn't start the car and keep it started unless you figured out the variant of crypto handshake used between whatever did ignition/skim/rke and the engine (sometimes public key, sometimes symmetric, often with some sketchy cipher implemented by modules that would offer full memory access via debug protocols if you asked the right way). If you had access to the spec for messages for the machines, access to the CAN bus can do some very cool/scary things.

Depending on how the car manufacturer spec'd the engine<->skim handshake, you might get as lucky as to just be able to isolate the offending skim/rke unit and MITM/replay its messages. If the rke and skim units are separate, there's an outside chance that the beacon that is sent after remote-start that lets the engine know not to turn off doesn't contain a secret key itself and can be replayed. In any event, I'd assume that physical access to the vehicle means that a kit could be deployed in minutes to steal the vehicle without any fuss.


Almost all German manufacturers use these variations of CAN.

Bosch recently published how their variants are used to prevent stuff like break-in through the radio.

The system is safe against replay attack (by prepending a timing signal to the encrypted message), has seperate rings of trust (so your gas pedal can control acceleration, but your radio can’t), and is in general quite safe.

And, well, with a physical kit you might be able to start the kit, but the steering wheel lock can not be unlocked without a physical key. And even if you break through that, you need to stop the immobilizer.

So you end up breaking open the door, breaking with large tools a part of the steering wheel lock, (hoping the car does not have an anti-intervention system, usually a cat jumping onto the car already starts a loud alarm), then you have to actually start the car and run this 30-min brute force attack against the immobilizer, after having sniffed the owner before.

It’s theoretically possible, but it's not really a practical attack.


This is how it worked ~2000:

You break door lock, get inside, pop the hood. Alarm starts, you spray polyurethane foam into alarm loudspeaker and it shuts up. You close the hood and go away for 10-20 minutes keeping a lookout on the car. You come back, swap computers, turn on the car and drive away.


Wait, so VW has an RFID immobilizer and a physical key? I've only ever seen cars having one or the other.


All European cars since 1998 will have both, because immobilizers are required by law in most of Western Europe.

On most cars, you'll never notice the immobilizer as it's RFID based, passive, and requires no batteries. The only way you'd find it is if you take apart the key fob or have to service the ignition lock, at which point you'll find the RFID antenna ring around it, or if you try to get the key replaced.


> All European cars since 1998 will have both, because immobilizers are required by law in most of Western Europe.

So will some cars produced before 1998. The Audi S2 (listed in the article) is one of those, and was built from 1990 to 1995.


Doesn't help you much if you don't live in Europe. I have a 2015 audi that doesn't require the key to be inserted.


FWIW my honda has a real physical key with an rfid chip. So just duplicating the key won't work unless I get a key with a chip.


At least in Germany, yes. Usually the key is also secured with multiple other techniques and has a 3-dimensional unique pattern, plus additionally magnetic safety features.

And the fact that the car has a steering wheel lock (the steering wheel is locked in the right-most position) is also standard.


Interesting, that seems like a pretty reasonable way to do it. Another case of convenience taking precedence over security, I guess.


The above mentioned vulnerability only applies to very few models, on the North American market, which have the (very costly) extra of keyless entry.

According to my knowledge, keyless entry is even illegal in Germany. (But I am not a lawyer, so I do not know if that applies at all, or if the legal situation just ends up stating that drunk people owning a car with keyless entry may not be close enough to their car that the immobilizer is deactivated)


As noted in the conversation about the Jeep hacking thread, This is an example of "better" security by not making the security system reprogammable (its read only). But it does incur this huge cost when you find a problem with it.

I'm sure the time to fix is also made more problematic by the need to fab new chips.


> If so, they will also have to think about a quick way to deploy security fixes remotely. One way could be working with connectivity solutions for Embedded Systems (e.g. SigFox).

Something tells me giving the car's immobilization system a routable IP address is not the best way to "fix security"


I almost want my next car to have a physical key, but a digital one. Back after mechanical keys but before wireless entry/start, there was a short period where you had to plug the entire keyfob into the dash to start the car... I want that back.

Mechanical keys have the "photograph" problem (i.e. a single photograph can be used to reproduce them). Wireless start has the wireless hacking problem (i.e. if you broadcast, that can be intercepted/manipulated/etc). Digital keys have neither of these, and can utilise real challenge/response protocols since the keyfob can be powered by the car while authenticating.

I will say I don't know if wireless entry will ever be secure. Too many technical problems to overcome, soon we'll be reproducing the military's channel hopping.


The mechanical keys used in VWs today can not be reproduced with photographing. They have non-standard cut-ins on both sides and also activate magnetical bolts inside the lock.


> a quick way to deploy security fixes remotely

Right, what could possibly go wrong?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: