The news of these days is the discovery of a security flaw in the keyless system, adopted by over one hundred million cars sold from 1995 onwards, which makes them vulnerable to a hacker attack and therefore to being stolen.
The study by University of Birmingham researchers and cybersecurity firm Kasper & Oswald focuses on Volkswagen, but the same system is being adopted by numerous other automakers, including Fiat, Alfa Romeo, Alfa Romeo, Citroen, Ford, Mitsubishi , Opel, and Peugeot.
The remote keyless entry (RKE) system allows you to open the car door without having to physically extract and use the key: simply by keeping the appropriate remote control key in your pocket or bag, the car “recognizes” when you are in proximity and unlocks not only the door but also the ignition system. It all works thanks to a radio signal sent from the car to the key to determine if it is nearby and, if so, unlock. The vulnerability derives from an insufficiently secure encryption (called HiTag) of the keys – in practice millions of keys that use the same encrypted information – which has allowed researchers to clone digital keys and create a sort of universal remote control capable of accessing millions of cars equipped with this system. The flaw can be exploited using a simple and cheap tool for receiving radio waves with software, available for less than 50 euros.
These types of vulnerabilities are not new, but they are systemic in the automotive industry where the topic of high tech car theft has been a topic for a long time. In fact, it had already been noted that in many cases it was sufficient to use a radio wave amplifier to simulate the proximity of the key and allow the car to be opened for theft, when in reality the key with remote control is at a certain distance, perhaps inside the restaurant where you went for dinner after having parked your car in front of it.
In the latter case, to defend against the possibility of theft, it is possible to purchase an antistatic bag at the cost of a few cents and always keep the key inside.
Another solution, even more drastic but feasible if you have already thought about changing vehicle, is to sell the car and switch to a latest generation model such as the Golf7 for example, in which the keyless system has unique keys which makes you immune to this type of vulnerability. According to Volkswagen spokesman Peter Weisheit, the Tiguan, Touran and Passat models are also not at risk.
