Volkswagen filed a lawsuit against a team of researchers in 2013 to keep them from publishing a study, one which outlines how a hacker could obtain a car’s Radio-Frequency Identification (RFID) code. What’s more? It could be done simply by intercepting the radio communication between the key and transponder using a $40 Arduino radio device.
The RFID is responsible for activating a car’s engine, particularly in luxury cars.
Volkswagen argued that publishing the paper would compromise the security (not that it wasn’t already compromised) not only of luxury cars but all other cars that use their Megamos Crypto algorithm.
A year after that paper finally got out, the researchers are back with another disturbing slap. It’s not just the ignition that was vulnerable—the keyless entry system that unlocks the car’s doors are also flawed. So. Practically all 100 million Volkswagen cars sold since 1995 are susceptible. Apart from this, they have found that millions of cars share four similar secret keys, and that a car can be hacked in as little as 60 seconds.
This new attack affects not just Volkswagen, but millions of additional vehicles—from Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.