StaffAllpar HomeMore NewsCarsTrucksUpcomingRepairsTest drives

Many cars hacked/stolen daily; VW-Audi in the lead

by David Zatz on

According to Bloomberg, cars other than Chryslers are quite vulnerable to remote hacking — and car thieves have been taking advantage of that fact for years. 42% of stolen cars in London, according to the article, are taken by abusing the electronic locks. A fault in the RFID chip used by various automakers has been hidden since it was discovered by researchers in 2012, as companies sued the researchers to hold back their findings.

The flaw affects the Megamos Crypto transponder, which is used by Volkswagen-Audi Grup brands, Fiats, Hondas, Volvos, and some Maseratis (presumably not the Ghibli or Quattroporte). It will be presented at the USENIX security conference in Washington, DC, later this week.

The Megamos transponder uses a weak 96-bit cryptographic system (the SSL certificate on this site uses a 256-bit system). It run through every secret key option in under half an hour, handy when stealing a  Bentley or Porsche.

The researchers apparently went to the chip’s maker in 2012, a year later going to Volkswagen, which filed a lawsuit to block publication.

This is the latest in a series of attacks on cars, the most highly publicized of which was the remote takeover of a Jeep Cherokee using a flaw in the Sprint-based cell communication system, which was fixed at the network level on the same day; a firmware upgrade was also issued the same day and is available to all owners over the Web, but requires manual intervention. Dealers can install install the upgrade for free. Bloomberg did not mention any fix from Volkswagen-Audi, which has had two years to produce one.

David Zatz founded Allpar in 1998 (based on a site he had begun in 1993-94), after years of writing reviews for retail trades. He has been quoted by the New York Times, the Daily Telegraph, the Detroit News, and USA Today. Before making Allpar a full-time career, he was a consultant in organizational psychology. You can reach him by using our contact form (much preferred) or by calling (313) 766-2304

Tornado following the Hurricane?
rff 2019 ram 1500
See the clear, sharp 2019 Ram video; no crosshairs?
2018 jeep compass gauges
Oops: Compass “bright dash” recall

More Mopar Car
and Truck News

Some popular Allpar pages

Dodge Demon

2018 Wrangler JL

Staff details/contactsTerms of ServiceInformation is presented to the best of our knowledge. Plans change and sometimes mistakes are made. Decisions or purchases made based on this site's verbiage or images are done at the reader's own risk. Also see the Allpar News archives, 1997-2008 • Copyright © 2008-2017, Allpar LLC. All rights reserved. • Mopar, Dodge, Jeep, Chrysler, HEMI, and certain other names are trademarks of Fiat Chrysler Automobiles.