Later this week at the Usenix security conference in Austin, Texas the same group from the University of Birmingham and German engineering firm Kasper & Oswald plan to unveil some pretty disconcerting problems with the Volkswagen brand.
One such vulnerability gives potential attackers the ability to wirelessly unlock nearly every vehicle from Volkswagen over the last two decades. That includes Audi as well. The other attack affects Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel and Peugeot.
Using a $40 Arduino device potential thieves can intercept signals transmitted wirelessly through the air via key fob and then clone said key. It's then smooth sailing from there and the vehicle is able to be unlocked. It's not exactly simple by any means, equiring some reverse engineering on the thieves' part.
There's one special crytographic key value that millions of Volkswagen vehicles share, and using special radio hardware, this data can be intercepted, combining when a key fob is pressed to clone said key fob and then gain entry to the car.
The other attack, which will be revealed at Usenix as well, is a special cryptographic scheme called HiTag 2, where a hacker would need to use a radio setup like the Arduino kind used in the regular Volkswagen hack, intercepting special codes from drivers' key fobs and collecting codes that would eventually result in an unlock.
These are some chilling developments for Volkswagen and other vehicle owners to be sure, especially since these are the flaws that were identified and explained away -- what of those that are still out there? You can read the researchers' full paper here for more details on the study and what will be announced.