back to article Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button

Security researchers will demonstrate how crooks can break into cars at will using wireless signals that can unlock millions of vulnerable vehicles. The eggheads, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, have managed to clone a VW Group …

  1. Magani
    Coat

    "... protection against theft of millions of cars at a conference tomorrow."

    So if no one drives to the conference, there will be no cars stolen? I was just leaving...

    1. Anonymous Coward
      Anonymous Coward

      They are clearly expecting a lot of people will drive there to listen to the talk and drive home in each others cars.

  2. EvilGardenGnome
    Mushroom

    So long and thanks for all the fish

    Welp, it was nice knowing VW. Between faking diesel numbers and this, it'll be interesting to see them survive the lawsuits.

    1. Anonymous Coward
      Anonymous Coward

      Re: So long and thanks for all the fish

      Welp, it was nice knowing VW. Between faking diesel numbers and this, it'll be interesting to see them survive the lawsuits.

      Investors might take a haircut, but as one of Germany's largest companies (probably THE largest German company), anybody who thinks that the German government will just watch VW shrivel into the hands of a US vulture fund is kidding themselves.

      1. Anonymous Coward
        Anonymous Coward

        Re: So long and thanks for all the fish

        I see... then VW will take the entire German economy down with it.

        Get ready for....... Gerxit

      2. William 3 Bronze badge

        Re: So long and thanks for all the fish

        Why would the German Government protect a German Manufacturer when they can't even be bothered to protect the German Culture or Country?

        1. Bronek Kozicki Silver badge

          Re: So long and thanks for all the fish

          You do not seem to be aware of the relation between German economy and car manufacturers. Also, 20% of VW is effectively state-owned

          1. Anonymous Coward
            Anonymous Coward

            Re: So long and thanks for all the fish

            > Also, 20% of VW is effectively state-owned

            How do they get round the EU rules on that then?

            Oh - hang on - EU rules don't apply to Germany or France..

            1. BebopWeBop Silver badge

              Re: So long and thanks for all the fish

              I don't know enough about counties like Denmark, but France, Germany, Italy and Greece seem to have very relaxed views of the interpretation of EU wide legislation, in their favour. The U.K. Uniquely, amongst the larger nations tends not to (although they do seem to be taking a much more reasonable point of view over vaping legislation - disclaimer, I don't). If I was writing a sketch for Yes Minister, Sir Humphrey would be organising it all..... In the name of unity of course.

            2. big_D Silver badge

              Re: So long and thanks for all the fish

              It is the regional state governments that hold shares in VW, the investment is not at the Federal level.

              Oh, and the German courts have given the OK for those investors to sue the board for misleading them and trashing their investments.

  3. Anonymous Coward
    Anonymous Coward

    Quick Release or build it like it is in my head

    What if car manufacturers take a leaf out of Formula 1's book and develop detachable steering wheels for family saloons etc? The steering wheel could have a unique serial number that hardware in the steering column could detect and would only allow that wheel to operate the vehicle? No steering wheel, no worries!

    1. Adam 52 Silver badge

      Re: Quick Release or build it like it is in my head

      The manufacturers would use a few, easily hacked master keys to validate the steering wheel and we'd be back to square one.

      Or was that a joke that's gone over my head?

    2. Ben Tasker Silver badge

      Re: Quick Release or build it like it is in my head

      Inevitably leading to someone having to stand at the tobacco counter at Tesco's as their icecream nelts and say, errr... has anyone handed in a steering wheel? I'm sure I had it when I paid, but can't find it anywhere

      Not that I once realised I'd left my wallet on the counter once I'd driven 100 miles. Thankfully there was enough diesel in the tank to get back

      1. David 132 Silver badge
        Happy

        Re: Quick Release or build it like it is in my head

        Inevitably leading to someone having to stand at the tobacco counter at Tesco's as their icecream nelts and say, errr... has anyone handed in a steering wheel? I'm sure I had it when I paid, but can't find it anywhere

        "Nah mate, but we've had this old quartic one from an Allegro knocking around spare since the rest of the car rusted away - you can have it to get you home..."

        "Thanks, but I'd rather walk."

      2. 's water music Silver badge

        Re: Quick Release or build it like it is in my head

        Not that I once realised I'd left my wallet on the counter once I'd driven 100 miles

        Well better that than getting to 100 miles before realising that you have left the removable steering wheel behind.

        Incidentally, does this mean that if I use this technique to steal a VW I would be able to to join the class action suit for the emissions fiddling?

    3. Anonymous Coward
      Anonymous Coward

      Re: Quick Release or build it like it is in my head PT2

      Ok then, how about a FREE Rottweiler with every Golf GTi?

      Wireless, wireless, wireless, you're all fuckin wireless mad!!!

      1. PNGuinn
        Trollface

        FREE Rottweiler

        But would you want to trust the security features of another german designed dog?

        And what about the emissions?

        1. CrazyOldCatMan Silver badge

          Re: FREE Rottweiler

          > features of another german designed dog?

          Rotties are (pretty much) Roman cattle dogs - one of the oldest extant breeds from what I can remember.

          I like Rotties.

    4. GitMeMyShootinIrons

      Re: Quick Release or build it like it is in my head

      Too bulky. I remember removable car radios (or facias in many cases). Often left in place or stuffed in the 'secure location' of the glove box.

      Needs a DNA reader - a nice big needle stabs into your hand, drawing half a pint of blood....

    5. Anonymous Coward
      Anonymous Coward

      Re: Quick Release or build it like it is in my head

      Do self-driving cars need steering wheels?

    6. hplasm Silver badge
      Happy

      Re: Quick Release or build it like it is in my head

      You are Mr Bean and I claim my Five Pounds!

      1. AMBxx Silver badge
        Coat

        Re: Quick Release or build it like it is in my head

        Plenty of LR Defender owners remove the steering wheel at night to prevent theft. Those of us with poor in-built security are well versed in using layers of security. Looks like those with more modern vehicles need to do the same.

        Mine's the one with 2 trackers, smart water sprinkled liberally, etched windows, huge sterring immobiliser and steel grills over the rear windows.

        1. Alister Silver badge

          Re: Quick Release or build it like it is in my head

          Plenty of LR Defender owners remove the steering wheel at night to prevent theft.

          Well I've driven a Land Rover with just a pair of mole-grips on the end of the steering column, so I'm sure a thief would get around it.

    7. Prst. V.Jeltz Silver badge

      Re: develop detachable steering wheels

      " develop detachable steering wheels"

      well I remember when car stereos used to be removable - and people would plonk them on the bar in a pub like a status symbol. (pinstripe shirt and braces wearing types) .

      Somewhere down the line the stereo manufactured realised you didnt have to drag the whole stereo around with you and the "removable front panel" was invented.

      Further down the line, ie today , for those who still want the "take it with you" security placebo its now just a small "KEY" that comes out of the stereo.

      Full circle.

      1. SImon Hobson Silver badge

        Re: develop detachable steering wheels

        ... and the "removable front panel" was invented

        And not long afterwards, there came a new market down the pub selling "replacement" front panels ...

    8. Erlang Lacod

      Re: Quick Release or build it like it is in my head

      It used to be practical to do this for family cars up until driver's side airbags became steering wheel mounted. detachable steering wheels are quite a common site for kit cars and some classic cars.

      1. Anonymous Coward
        Happy

        Re: Quick Release or build it like it is in my head

        "detachable steering wheels are quite a common site for kit cars and some classic cars"

        Mine was locked to the roll bar and spare wheel by a bad ass lock and chain.

    9. ChrisBedford

      Re: Quick Release or build it like it is in my head

      The steering wheel could have a unique serial number that hardware in the steering column could detect

      Or in other words, exactly like the immobiliser chip in the key currently works? I have to point out, a key is a lot more convenient to carry in your pocket than a steering wheel.

    10. x 7

      Re: Quick Release or build it like it is in my head

      "What if car manufacturers take a leaf out of Formula 1's book and develop detachable steering wheels for family saloons etc? "

      the siting of airbags in the wheel would stop that......

      however many years ago in a pub alongside the docks in Dublin I was amused to see a rack of steering wheels hanging on the wall while their owners drank excess amounts of Guinness. The steering wheels were routinely removed on parking to prevent the local teen joyriders........

    11. big_D Silver badge

      Re: Quick Release or build it like it is in my head

      So, you want to replace a small, pocketable key for a big one that people will just leave in the car? I can't see people wandering around the local supermarket, steeringwheel in hand.

      The problem isn't the form factor of the key, but the fact that the serial numbers in the keys are based on a very small number of master serial numbers, which means they can be easily cracked. Whether you put the serial number (generator) in the key or the steering wheel doesn't make any difference, you would just need a steeringwheel with the software hack, as opposed to a key with the software hack.

  4. Adam 52 Silver badge

    "Garcia was previously blocked from giving a talk about weaknesses in car immobilisers following a successful application to a British court by Volkswagen"

    Slightly more detail on this here:

    https://www.theguardian.com/technology/2013/jul/26/scientist-banned-revealing-codes-cars

    Very dodgy decision if you ask me.

    1. Cynic_999 Silver badge

      Why was it a dodgy decision? VW did not want the entire paper suppressed, but merely wanted the actual code (cryptographic key) redacted. That would not have reduced the academic purpose of the paper one bit, but would have prevented criminals having the actual key needed to steal cars. The researchers refused to publish the paper without the key.

      1. Anonymous Coward
        Anonymous Coward

        The researchers refused to publish the paper without the key.

        .. which shows the ever present gap between academics and the real world. Sadly, because if the two could occasionally meet properly, both would gain. Now only the lawyers did..

        1. werdsmith Silver badge

          The academics needed to prove what they were saying and needed the real details to do that.

          Otherwise they could be just making it up.

        2. Anonymous Coward
          Anonymous Coward

          Actually in the real world the crooks already have the key. By redacting it from the paper VW could have pretended their security isn't entirely broken and continue to do nothing to protect their customers.

      2. Aitor 1 Silver badge

        Is this a joke?

        If you publish a paper, other scientists must be able to reproduce your claims, and you must basically prove what you say.. no key no prove.

        1. Bry-Itech

          Re: Is this a joke?

          Redact the key and advise others who wish to prove the paper to apply for the key from the key holder in order continue their research

        2. Stevie Silver badge

          Re: Is this a joke? 4 Altor 1

          Reproducing the results would surely start with finding the key for yourself. That is the vulnerability, after all.

          So I can't agree with your position.

  5. Nunyabiznes Silver badge
    Joke

    From the Department of Redundancy Department

    I'm glad they didn't have to wired unlock a wireless unlock.

    1. Will Godfrey Silver badge
      Happy

      Re: From the Department of Redundancy Department

      Incidentally, I too, picked that up as well, incidentally.

    2. Anonymous Coward
      Anonymous Coward

      Re: From the Department of Redundancy Department

      Beat me to it, have an upvote.

      Original headline: Thieves can wirelessly unlock up to 100 million Volkswagens wirelessly at the press of a button

      1. Woodnag

        And...

        ...I upvoted you for your courtesy. Call it an untroll point :)

      2. David 132 Silver badge
        Happy

        Re: From the Department of Redundancy Department

        Original headline: Thieves can wirelessly unlock up to 100 million Volkswagens wirelessly at the press of a button

        "..across a wireless WLAN network, using just a PIN number..."

  6. Anonymous Coward
    Anonymous Coward

    Just give me a physical key, please

    Personally I'm not a fan of keyless entry. I prefer some mechanics, also because it gives me an emergency power switch in case things go wrong. In a keyless car it should actually mandated they have the same sort of kill switch installed as is required on racing cars, for the same reason: in case of problems, kill the damn thing.

    Admittedly that'll be a bit harder with electric cars, though (imagine the cabling), but I've worked long enough with electronics and computers to know that a last resort ability to kick the plug out of the socket is not as much a luxury or overengineering as it appears.

    1. Andy Non Silver badge

      Re: Just give me a physical key, please

      I can see those mechanical crooklock type steering wheel locks becoming popular again.

      1. John Brown (no body) Silver badge

        Re: Just give me a physical key, please

        "mechanical crooklock type steering wheel locks"

        Most of which could be removed by an experienced car thief quicker than the real owner could with the key.

    2. Thoguht Silver badge

      Re: Just give me a physical key, please

      "In a keyless car it should actually mandated they have the same sort of kill switch installed"

      The engines of keyless Fords can be turned off by pressing and holding the Start button, or by pressing it quickly three times.

      1. Stoneshop Silver badge

        Re: Just give me a physical key, please

        The engines of keyless Fords can be turned off by pressing and holding the Start button, or by pressing it quickly three times.

        That's not an emergency cutout; it still relies on some piece of software to not have gone titsup. It's not something I'd trust to kill the engine, unless it's some dedicated, separate piece of hardware that controls a Big Chunky Relay killing power to vital parts of the engine (but not braking and steering). But a direct mechanical way to get the relay to disconnect would still be on my requirements list.

      2. Fluffy Cactus

        Re: Just give me a physical key, please

        Kill switch, huh?

        Well, you could attach a mechanical device that cuts the battery cables, the radiator fan belt and a few

        spark plugs, when you pull on that string. Or install a hand grenade that literally blows the engine exactly when you want it to happen. The "sugar in the tank", "sand into the crank case", or "sausage into the

        exhaust pipe" methods work slower, but could also be updated and robotized. So many ways to kill an engine.

    3. Fluffy Cactus

      Re: Just give me a physical key, please

      Yup, that's right. The battery on my FOB died, and I haven't found the time to replace it, so I am using my physical key again.

      It's a whole new world, because no sneaky FOB-radio-listening-hacker can ever get my code. They can of course use physical methods to steal my car, but, hey, who would want to steal a 20 year old rust bucket with a resale value of close to nada, zero and zilch. I am so safe, it's unbelievable.

      But merely as an engineering idea, I think one could come up with an ever-changing random code, such that each time the FOB is used, the code changes. Something with PGP and such with an extra allotment of whatnot.. With radio waves that lie when listened to, in a quantum jumpy sort of way.

      (Yes, your honor, my FOB is smarter than me, yes, my FOB lied, because we told it to.) With a code that is embedded in a bunch of random garbage, and only the car and the FOB knows where it begins or ends. As in: 512 bits of garbage, 5 bits of code, 463 bitsa garbage, 7 bits of code, 585 bits of garbage, 39 bitsa code, 4567 bitsa garbage, 85 bitsa code, plus extra garbage, with the beginning and end of garbage changing based on random crap, time of day, the measurment of marigolds and the weight of sunspots. How hard can it be, when you are inspired?

      Like tomato sauce, except without garbage, it's all in there, salted, spiced, amazing and undoable.

      I wish I wan't too dumb to be a genius.

      Of course, anything will eventually get cracked, just to keep people on their toes.

      Until then, thieves have to go for the obvious and quietly break the mostly still breakable windows.

      Shhhhhh! Be very very quiet, we are hunting VW's...

    4. Anonymous Coward
      Anonymous Coward

      Re: Just give me a physical key, please

      The best kill switch would be:

      "Computer, engage auto destruct!!"

  7. Anonymous Coward
    Anonymous Coward

    May be able to unlock the car but can you start them .... doesn't that depend on a transponder in the key that is different from the lock system (unless you've got one of the new "keyless" systems ... but don't think VW have this)

    1. Velv Silver badge
      Boffin

      Layers of security

      Once inside you can plug into the OBD and attack the poorly protected management unit

      Plus you can steal the packet of polos in the glove box

      1. Invidious Aardvark

        Yo dawg, we heard you like to steal polos so we put a packet of polos in the polo so you can steal a polo while you steal a polo.

  8. Gene Cash Silver badge

    BBC on car privacy

    There was an article about car privacy and all the new connected services that you CAN'T disconnect

    http://www.bbc.com/autos/story/20160809-your-car-is-not-your-friend

    He has a VW and was told to bark up a tree when he asked about disconnecting Car-Net. He even got a letter from VW saying "hahaha, no"

    He also looked at a forum posting about an incredibly difficult procedure to dig out the unit and trash it.

    Only when the BBC contacted VW for comment did they say "oh no, that letter is wrong, we can disconnect that!" and they also said "the BBC is picking on us and making us seem like a bad guy!"

    This is the sort of condescending "we know best" attitude that makes me cheer on the hackers for a change.

    I hope VW gets reamed by thefts and lawsuits. Fucking assholes.

    1. Anonymous Coward
      Anonymous Coward

      Re: BBC on car privacy

      Weird, that. I have it on VERY good authority (think high level insider) that Audi actually has special proxies in place for all that traffic to protect privacy (and has for years, it's not even a new idea), so I'm a bit surprised that VW would somehow use a lesser approach. Maybe you were talking to UK people who didn't bother calling Germany but just gave you the weirdo treatment - I've had that attitude from a few companies so it would not surprise me in the least.

      Germany is fairly hot on privacy, probably more so than on emission cheats..

      1. hplasm Silver badge
        Facepalm

        Re: BBC on car privacy

        "Audi has...special proxies in place for all that traffic to protect privacy..."

        The way Audis are driven, the drivers probably need to hide their identities.

        Shame about the vanity plates though. Tossers.

        1. Anonymous Coward
          Anonymous Coward

          Re: BBC on car privacy

          The way Audis are driven, the drivers probably need to hide their identities.

          So they're the new BMWs. And? From an engineering perspective they're quite well done, so if I wasn't planning on buying a Range Rover, Audi would be my second choice. I just wish Tesla's looked better, they strike me as the ideal city car.

          1. CrazyOldCatMan Silver badge
            FAIL

            Re: BBC on car privacy

            > (Audis) From an engineering perspective they're quite well done

            Au contraire - any car that needs about a pint of oil a month[1] isn't 'well done' - it's crap. None of the cars I've owned have used that amount (not even the Rover Sterling - mind you, that had a 2.7V6 Honda engine). Not even my wife's Morris Minor uses that amount and she uses it pretty much every day!

            [1] All the company cars my previous place had used oil like it was going out of fashion - the local Audi garage said it was "because of their racing heritage". Tell that to Jaguar, Honda et. al.)

            1. Anonymous Coward
              Anonymous Coward

              Re: BBC on car privacy

              Au contraire - any car that needs about a pint of oil a month[1] isn't 'well done' - it's crap.

              I think your local garage needs to be audited if they do their servicing well. I've had Audis for years and I only ever had to add oil once between regular services because I'd done a month worth of German motorways on some project and I gave in to the inevitable temptation that that and a rather enthusiastic V8 under the hood brings (not during peak hours, of course). *Oil* use wasn't a problem, but you don't half burn through fuel when you go fast.

              Oil use was an issue about 20 years ago.

  9. Anonymous Coward
    Windows

    Look to the future

    Once Windows 10 for Autonomous Vehicles, powered by Bing(tm) Insider Preview ships we won't have these sorts of problems.

    1. hplasm Silver badge
      Windows

      Re: Look to the future

      A whole new raft of problems there.

      The doors probably stay wide open, for starters...

  10. Bucky 2

    If this were a plot element in a movie, it would be hilarious. I'm picturing Seth Green pushing a button, and all the cars within 10 city blocks unlock, and all their doors fly open.

    Then a parade of Mini Coopers filled with gold zoom by on the sidewalks or something while the New Yorkers get out of their cars and start swearing at each other.

    Good times.

  11. Anonymous John
    Coat

    But what are the thieves going to do with 100 million stolen cars?

    1. Anonymous Coward
      Anonymous Coward

      They are going to sell them to 100 million people who had their car stolen.

  12. DougS Silver badge

    As the owner of a vulnerable Audi

    All I can muster is a yawn. I never felt my car was invulnerable to thieves when locked. Pretty sure a Slim Jim will still be the tool of choice for the typical thief. Maybe if I had something really expensive like the R8 I'd be worried about sophisticated thieves using a wireless unlocking hack...

    1. SImon Hobson Silver badge

      Re: As the owner of a vulnerable Audi

      Pretty sure a Slim Jim will still be the tool of choice for the typical thief

      I think you'll find that modern designs cater for that.

      Maybe if I had something really expensive like the R8 I'd be worried

      So you never have to leave anything of any value in the car then ? This isn't about stealing the car (it's already been mentioned that you'd still have the immobiliser system to get around), but about unlocking it. In principle, you could have left the (for example) Christmas shopping in the car while you take a break/do more shopping/have a meal/whatever - and meanwhile someone can come along, unlock the car, take the shopping, and lock the car before they leave. Or you might need to leave the laptop in the boot while you go out for a meal with mates after work. Or ...

  13. Pascal Monett Silver badge

    I have an A5

    I like it. it's a beautiful car, sleek figure, 240hp. When I put the foot down, it goes. I like that.

    Now I learn that any technically-inclined scum can wave a magic wand and I'm losing my car ?

    Not happy.

    I'm going to confront my dealer on this.

    1. Jon B

      Re: I have an A5

      Be careul, you're beginning to sound like a typical self-entitled Audi driver

    2. John Brown (no body) Silver badge

      Re: I have an A5

      like it. it's a beautiful car, sleek figure, 240hp. When I put the foot down, it goes. I like that."

      Did you buy the optional indicator add-on system? Unlike the A5 twat on the motorway today who nearly wiped me out when he decided to change lanes without looking or indicating.

      Note, only half joking. I drive a *lot* and the vast majority of the twats doing stupid things seem to be Audi, BMW or Merc drivers.

    3. Dr_N Silver badge

      Re: I have an A5

      "I have an A5

      I like it. it's a beautiful car, sleek figure, 240hp. When I put the foot down, it goes. I like that."

      Out of the way, plebs.

      Audi driver coming through.

    4. Jimmy2Cows Silver badge
      Coat

      Re: I have an A5

      I like it. it's a beautiful car, sleek figure, 240hp. When I put the foot down, it goes. I like that.

      Pfft. Only 240?

      If you're gonna buy a wang enhancer, at least do it properly.

      Mines the one with the 576bhp GTS keys in the pocket...

      1. moiety Silver badge

        Re: I have an A5

        Be careul, you're beginning to sound like a typical self-entitled Audi driver

        Can't be - he indicated his intentions before embarking on a course of action.

    5. Down not across Silver badge

      Re: I have an A5

      I like it. it's a beautiful car, sleek figure, 240hp. When I put the foot down, it goes. I like that.

      Now I learn that any technically-inclined scum can wave a magic wand and I'm losing my car ?

      '91 XJS V12HE. 295bhp. It goes well enough (150mph+) if you want it to.

      No matter of wand waving is going to make it magically open the doors either.

      Matter of opinion of course, but looks better too.

      1. quxinot Silver badge

        Re: I have an A5

        "'91 XJS V12HE. 295bhp. It goes well enough (150mph+) if you want it to.

        No matter of wand waving is going to make it magically open the doors either."

        Wirelessly opening the doors is easy on pretty much any car I've ever seen. The high-tech solution is called a "brick".

        <Insert snide comment about anything having Windows being easy to get into here>

  14. Boris the Cockroach Silver badge
    WTF?

    Take a leaf

    from the motorcylists book

    My bike has an immobilizer fitted, wireless transmitter in the key sort of nonsense, but that still does'nt stop me from putting a very solid lock through the front wheel so the bike cant go walkies

    Crooklock the steering wheel.... only way to be sure

    And car makers.... what was so wrong about having a mechanical lock........................

    1. Lee D Silver badge

      Re: Take a leaf

      Once you're in the car, you have all the time in the world to remove a crooklock out of sight of even passers-by. And you can rummage through the glove compartment, nick the radio, etc. in your own time too so it would never be a total loss.

      And I've yet to see a single insurer provide a discount for you using Crooklocks or similar. There's a reason for that. Most of them can be opened quite easily so long as there's not a crowd breathing down your neck.

      Who's going to stop the bloke sitting in "his" car fiddling with his phone on his lap? Because you'd be hard pushed to tell the difference.

      To be honest, the only thing you ever get insurance discounts for are a) parking it somewhere slightly safer the majority of the time and b) putting in an approved tracking device so it can be recovered. Other than that, you're generally wasting your own time and money more than the crook's. A pair of bolt-cutters will cut right through anything you attach to your car (wheel clamps, Crooklocks, etc.).

      The biggest hindrance is generally opening the doors quietly, and then starting the engine against all the modern electronics. Everything above and beyond that is really small-fry in comparison.

      And in most cases they probably could just walk through a quiet car park, open one in every 10 cars with a gadget like this, and just have a peek in the centre console for change and make enough in 20 minutes to make it worth their while.

      1. Anonymous Coward
        Anonymous Coward

        Re: Take a leaf

        I think you'll find that not even Tracking Devices get you an insurance discount these days.

        I bought a relatively new SL recently and naturally enquired about adding a Tracker. £750 installation, £100-ish per year, seems expensive. So, I rang around a few insurance companies to find out whether the associated discount would cover the expense.

        The result? Zero discount. All of them. So, my current insurer will just have to wear the claim if the car is stolen, as there's absolutely no reason for me to spend my hard-earned...

        Anon, obviously ;)

  15. Anonymous Coward
    Anonymous Coward

    Old news

    This was first noticed two years ago.

  16. wsm

    Golden keys

    Are VW in groupthink with Microsoft?

  17. Anonymous Coward
    Anonymous Coward

    Volkswagen is the People's Car

    1. hplasm Silver badge
      Devil

      Volkswagen is the People's Car

      So not like MS then.

  18. Kevin McMurtrie Silver badge

    No need for hacking

    As it has been demonstrated before, VW keys don't need to be hacked because they're transponders. The natural decay of RF energy is their only security mechanism. An analog RF relay will open the doors and start the engine. I haven't hooked up my 'scope to the door yet, but it wouldn't surprise me if it used frequencies compatible with off-the-shelf cable modem range extenders.

    You can pull the transponder battery out for security. The driver door has a hidden keyhole and there's a short-range RFID sensor on the steering column.

    1. Kevin McMurtrie Silver badge

      Re: No need for hacking

      I put a 'scope on the door handle. Touching the handle emits a coded EM signal in the audio frequency range that the transponder replies to. I was able to activate the transponder from a distance using a crappy old Archer Mini Amplifier (LM386 demo circuit in a box) and a couple of coils as a low frequency signal relay. A Satellite TV amp should be able to relay the return path from the transponder. Add directional antennas and you have an open car.

  19. allthecoolshortnamesweretaken

    Taking the 'sharing economy' yet another step further!

    BTW, doesn't VW also own Bentley these days?

  20. Slx

    Considering that you could open a typical 1980s/90s car with a coat hanger and the could be hotwired in about 10 seconds by someone who knew how, I don't think we are really any worse off.

    I think though were are going mad on unnecessarily insecure wireless technology just because it's cool looking. I can't really see the great advantage of keyless ignition. At least when you have to insert a key or fob you know where your keys are!

  21. Anonymous Coward
    Anonymous Coward

    Car masterkey

    Half a house brick.

    All models catered for, except armored vehicles.

  22. Anonymous Coward
    Anonymous Coward

    In the 70's

    Ford Australia made a very limited number of car key sets.

    I could open other people's car now and again.

    Heck, I had a Holden that could be opened and started with a paddle-pop (ice lolly) stick.

    1. Phil O'Sophical Silver badge

      Re: In the 70's

      That was the standard almost-joke in the UK in the 70s. If you locked yourself out of a Ford you just popped into the nearest pub & got everyone with a Ford key to try, you'd be almost certain to find someone who could open your car.

      1. Roger Greenwood

        Re: In the 70's

        Ah the old Ford takeaway - my mate had one that I could open with a Morris Ital key.

  23. DvorakUser

    A locked door...

    The door being locked - wirelesly or mechanically - will only temporarily slow someone who truly wants in. With a car, the easiest response is to break a window and get in that way. For a house, probably similar.

  24. Anonymous South African Coward Silver badge

    So glad I have two vehicles sans keyfobs - you need to physically unlock the door to gain entry.

    But the half-brick entry will still work here, though.

  25. goldcd

    VW haven't responded?

    DESPITE being aware of this for at least the 2 years they gagged him?

    I'd have hoped they'd have used this time to maybe oh I dunno, recall and fix a chunk of 100 million cars, but failing that at least put a note in PR's calendar to ask them to prepare a statement on "We take security very seriously blah blah".

  26. Anonymous Coward
    Anonymous Coward

    Re. VW haven't responded.

    Repeat after me.

    "Security by obscurity is no security at all".

    This is despite being quoted £160 this week for a new fob for my i10, which could write off the car as there is a 5% chance of the ECU failing during the creation of 2 new keys which is a £500+ disaster.

    I have it on good authority that nefarious folks are also using the well known drill-hole-in-battery method of ruining security, as most cars don't have any protection against this particular threat.

    Insurance companies should look for evidence of lead oxide and sulphuric acid residues directly under where a "stolen" car was parked with a multispectral imaging device.

  27. James 36

    title

    Until people make buying choices based on security then this will continue to be the case.

    People might start to care if they understood that but at the moment the sales is done before the individual know their P&J is so easily stolen.

    Maybe insurance companies should start assessing the security of cars to decide on the risk of theft and then adapt premiums. If I was an underwriter I would be ramping up premiums on VAG cars until the manufacturer fixed the issue and had it independently tested.

    Really high insurance helped kill the hot hatch for a while until security got better.

  28. Wayland Bronze badge

    True for years

    A criminal friend of mine told me how his friends had devices which would disrupted the remote car locks and leave the car open. He also said how they had duplicated the system the dealerships have of replacing lost electronic keys. This is not new but it's interesting that it has been made public.

  29. Anonymous Coward
    Anonymous Coward

    Our party guests can keep their keys in their pocket now and the dish is redundant. First out picks the best car!

  30. This post has been deleted by its author

  31. VinceLortho
    Facepalm

    Innovation Over Security

    Security (hard security anyway) is always (always) left as the last priority in SW projects. But, this is a lock. You'd think it would be first.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020