Weekly Brief: Millions of VW vehicles vulnerable to wireless key hack

Have a Volkswagen? Better buy a steering wheel lock. Researchers at the University of Birmingham, in concert with German engineering firm Kasper & Oswald, have found a wireless hack to unlock any VW built between 1995 and early this year. Translation: VW's awful year just got a lot worse.

The hack doesn't require anything fancy either. Just $40 (£31) for a radio receiver and some reverse engineering allows the contraption to intercept any VW wireless key fob, so long as it's within 300 feet of the vehicle. With one intercepted signal, it can create a clone and then use that cryptographic key signal to unlock the car. The hack also impacts some Audi,SEAT and Skoda vehicles. Scary stuff.

This isn't just bad news for VW. It corroborates the widely held fear that the more connected cars become, the more vulnerable they are, from their key fobs to their infotainment systems to the sensors in their advanced driver assistance systems. The University of Birmingham research team plans to reveal a second vulnerability this coming week at the Usenix Security Conference in Austin, Texas, that’s more complicated to execute but impacts on everyone from Ford to Fiat to Mitsubishi, Nissan and Alfa Romeo.

If you're tempted to believe that all this hacking mumbo-jumbo can be chalked up to the harmless buzzing of academic gadflies, last week proved that notion false, because two men were arrested in Houston, Texas, for using automotive diagnostic software on their laptop computers to reprogram key fobs to break into Jeep Cherokees and Dodges. They pulled this ruse more than a hundred times, then whisked the stolen cars across the border to Mexico, where they fetched top dollar on the black market.

And yet, security flaws or not, interest in connected cars just keeps on growing. The latest landmark courtesy of mobile industry research firm Chetan Sharma. Mobile phone service companies in the US added more cars to their networks than they did smartphones in the first quarter of 2016. You heard that correctly. New cars are now getting hooked up to networks like AT&T and Verizon faster than smartphones.

In other news, word leaked that Mercedes-Benz is planning to take aim at Tesla and BMW by creating a new sub-brand dedicated to luxury alternative-fuel cars. The line-up will have a distinct look and will debut this autumn with an SUV that can cruise 500kms before needing a charge. Mercedes has a fuel-cell version of the SUV and two electric sedans in the works as well, according to Bloomberg.

LeEco, the Chinese tech company that has invested big bucks in American electric vehicle start-up Faraday Future, revealed that it plans to build a $1.8Bn factory in China to launch its own line of EVs. The factory will be part of a sprawling theme park where self-driving, battery-powered cars whisk visitors from ride-to-ride but LeEco's ambitions are even larger. It wants 400,000 battery-powered EVs to lumber off its assembly line onto Chinese streets every year.

BMW is set to expand its network of DC fast charging stations, called ChargeNow by EVgo, into 25 new markets in the US. No surprise, California is the biggest benefactor with nine new regions getting plugged in. The Pacific Northwest, the Northeast and Texas are all on the list as well. ChargeNow works for drivers of the i3 electric hatchback and i8 plug-in hybrid sport coupe and it costs $99 per year or pay-as-you go.

Finally, Toyota backed up news of a new research facility at University of Michigan with the announcement of a $22M investment in artificial intelligence research at U-M. The research will pan out over four years in the fields of advanced driver assistance, autonomous driving and indoor mobility. As part of the agreement, U-M will issue a broad call for proposals from faculty across the university to address challenges in mobility, safety and home robotics.

The Weekly Brief is a round-up of the week’s top telematics news, combining TU-Automotive analysis with information from industry press releases.

Leave a comment

Your email address will not be published. Required fields are marked *