StaffAllpar HomeMore NewsCarsTrucksUpcomingRepairsTest drives

Many cars hacked/stolen daily; VW-Audi in the lead

by David Zatz on

According to Bloomberg, cars other than Chryslers are quite vulnerable to remote hacking — and car thieves have been taking advantage of that fact for years. 42% of stolen cars in London, according to the article, are taken by abusing the electronic locks. A fault in the RFID chip used by various automakers has been hidden since it was discovered by researchers in 2012, as companies sued the researchers to hold back their findings.

The flaw affects the Megamos Crypto transponder, which is used by Volkswagen-Audi Grup brands, Fiats, Hondas, Volvos, and some Maseratis (presumably not the Ghibli or Quattroporte). It will be presented at the USENIX security conference in Washington, DC, later this week.

The Megamos transponder uses a weak 96-bit cryptographic system (the SSL certificate on this site uses a 256-bit system). It run through every secret key option in under half an hour, handy when stealing a  Bentley or Porsche.

The researchers apparently went to the chip’s maker in 2012, a year later going to Volkswagen, which filed a lawsuit to block publication.

This is the latest in a series of attacks on cars, the most highly publicized of which was the remote takeover of a Jeep Cherokee using a flaw in the Sprint-based cell communication system, which was fixed at the network level on the same day; a firmware upgrade was also issued the same day and is available to all owners over the Web, but requires manual intervention. Dealers can install install the upgrade for free. Bloomberg did not mention any fix from Volkswagen-Audi, which has had two years to produce one.

Newest Ram Built to Serve models honor the U.S. Air Force

Former Ram chief engineer Michael J. Cairns
2021 Ram 1500 Rebel navigation screen
What’s new for ’21? The big list of changes

More Mopar Car
and Truck News

Some popular Allpar pages

Dodge Demon

2018 Wrangler JL

Staff details/contactsTerms of ServiceInformation is presented to the best of our knowledge. Plans change and sometimes mistakes are made. Decisions or purchases made based on this site's verbiage or images are done at the reader's own risk. Also see the Allpar News archives, 1997-2008 • Copyright © VerticalScope Inc. All rights reserved. • Mopar, Dodge, Jeep, Chrysler, HEMI, and certain other names are trademarks of Fiat Chrysler Automobiles.