【漏洞:大众汽车无钥匙进入系统并不安全】

【漏洞:大众汽车无钥匙进入系统并不安全】伯明翰大学Flavio Garcia教授的团队发布报告称:大众无钥匙进入系统有风险,可被黑客轻易破解。黑客们只需用40美元的无线电硬件,即可拦截车主密钥卡发送的信号并克隆密钥,进入汽车内部。而对于汽车制造商而言,弥补漏洞还需要一个漫长的周期。

Millions of cars at risk as keyless entry systems can be hacked, report says

大众

Cars that use Volkswagen’s remote keyless entry system are vulnerable to theft using equipment costing £30, researchers claim

nd Peugeot models are also at risk from a similar exploit, the researchers claim.

The three researchers from the University of Birmingham in England and a fourth from security company Kasper and Oswald GmbH in Germany, found models as recent as this year’s Audi Q3 were vulnerable. They said it is conceivable that all VW Group cars, with the exception of some Audis, are thus vulnerable to attacks because they rely on a ‘constant-key’ scheme.

The attack works by “eavesdropping” on the signal sent when a driver presses their key fob to unlock their car. With equipment costing as little as £30 the signal and be cloned and the hacker can then access the car in future. To clone the key’s signal the attack does need to be within 100m of the vehicle.

The report co-author Flavio Garcia said they believe some of the hackable cars are still on the market. He told Reuters: “There are still some VW car models being sold that are not on the latest platform and which remain vulnerable to attack.”

The researchers said the only exceptions were cars built on VW’s latest MQB production platform, which is used in its top selling model, the Golf VII, which the researchers found does not have the flaw.

The VW spokesman Peter Weisheit said that its current Golf, Tiguan, Touran and Passat models are not at risk from the attack, adding: “This current vehicle generation is not afflicted by the problems described.”

Advertisement

The Wolfsburg-based car maker confirmed it has had a constructive exchange with the researchers and that the authors had agreed to withhold details in their report that criminals could use to break into cars.

In 2013, VW obtained a restraining order against a group of researchers that included Garcia to prevent publication of a paper detailing how certain anti-theft car immobilisers were vulnerable to hackers. That research was published in 2015 after the authors agreed with VW to remove a detail that would have allowed thieves to figure out how to carry out an attack.

The authors also describe a second attack that could be used against Hitag2 (HT2) remote keyless entry systems used in older models of other car makers, running on circuits produced by Dutch-American chipmaker NXP.

An NXP spokesman said HT2 chips first introduced in 1998 have been gradually replaced by automakers since 2006 and that the chipmaker has advised them to replace HT2 chips in new cars since security weaknesses were reported in 2009 and 2012.

The reports’ authors said they had focused on mass-market models and did not analyse in detail VW’s luxury brands including Porsche, Bentley, Lamborghini and Bugatti.

The paper is set to be presented at the Usenix security conference in Austin, Texas, in the US on Friday

原文链接:https://www.theguardian.com/technology/2016/aug/12/cars-risk-keyless-entry-system-hacked-volkswagen


Comments are closed.



无觅相关文章插件