Electronic 'car-hacking' used to steal thousands of vehicles

Researchers in the UK and Holland have finally published a report into electronic 'car-hacking' which was suppressed by a court at the request of the German car manufacturer Volkswagen two years ago.

Their findings suggest that car makers need to step up the security of their immobilisers, with thousands of thefts a year attributed to high-tech thieves who use computer hacking to steal vehicles, says The Independent.

Volkswagen argued that the report would teach thieves how to steal their cars ­­– and a High Court judge agreed. But now the firm has agreed to publication, with just one sentence redacted, according to the academics who wrote the report.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

In their study, Flavio Garcia and Roel Verdult from Birmingham University, and Baris Ege from Radboud University in Nijmegen in the Netherlands, identified "several weaknesses" in the Megamos Crypto, a Swiss-made security device used by several manufacturers.

The system should mean that a car's engine won't start without the right key. A unique code is sent between the key fob and the car wirelessly. However, the researchers say it is too easy for thieves to eavesdrop on this code and learn it.

By 'listening' to just two such exchanges of data, the researchers were able to learn the code within 30 minutes. A computer can then be used to send the code to the car, which will start without the key present.

The team highlighted situations like valet parking as particularly problematic – if thieves can get hold of both the key and the car for a short while they can learn the code. The car can then be stolen later when it is safer to do so.

The researchers said they started their work after police claimed that cars were being stolen but nobody could "explain how". The Independent says experts warn that a general rise in car crime in the UK could be masking this new type of theft.

The report concludes that car companies must start using stronger encryption to ensure that their cars are secure.