Sandra Bullock, hacking victim, in THE NET
The auto world has been thinking a lot about hacking lately. For years, it wasn't much of a concern, but now that many new cars are connected to telematics networks like Uconnect and OnStar and to cellular networks via dongles attached to their onboard diagnostics ports, our rides are becoming increasingly vulnerable.
CHIPS ARE DOWN AT VOLKSWAGEN
Volkswagen's story is perhaps the more troubling, and it's definitely the harder to repair. That may explain why the automaker spent two years trying to hide the information from the public.
VW's vulnerability is rooted in radio-frequency identification (RFID) chips manufactured by Megamos Crypto. Those chips help keep VW vehicles locked up tight and prevent them from starting without the proper key fob.
Unfortunately, at least one team of researchers has broken Megamos' cryptographic system, making it possible to carry out brute-force attacks on vehicles equipped with the chips. Brute-force attacks are basically automated trial-and-error attempts to break through security walls. They can take time, sifting through all the possible combinations of "passwords," but eventually, they find a way through.
How much time do they need? Researchers Roel Verdult, Baris Ege, and Flavio Garcia rammed through one of Megamos' chip systems in about 30 minutes.
On the upside, that's a long time for just one break-in. For most thieves, the return isn't worth that kind of effort or risk.
On the downside, plenty of luxury vehicles like Bentleys and Lamborghinis use Megamos RFID chips, and those cars are often targeted by car thieves looking to steal very specific vehicles. In such cases, 30 minutes is nothing, given the cash that thieves can score in exchange for a boosted ride.
Also on the downside: Megamos chips are found in plenty of other cars, too, including some made by Fiat Chrysler and Honda.
But the biggest problem of all is that fixing these systems isn't just a matter of rewriting a few lines of code and sending out an over-the-air update. The chips themselves and the transponders with which they communicate have to be removed and replaced, which is time-consuming and costly.
Volkswagen was told about the problem in 2013 and sued the researchers to keep their findings out of public view. The group has been negotiating with VW for the past two years to publish their work. They're sharing it this week at a conference in Washington, D.C., with one key sentence redacted.
APPS GO AWRY FOR BMW, BENZ
The problem with BMW and Mercedes-Benz vehicles is just as dangerous -- maybe even more so -- but it's easier to fix.
It was identified by Samy Kamkar -- the same Samy Kamkar who found the hole in OnStar's RemoteLink app (which has since been patched). That vulnerability could be exploited to give ne'er-do-wells with the right equipment access to a range of GM vehicles, allowing thieves to start, stop, and open the cars.
On a hunch that similar problems might affect apps from other automakers, Kamkar carried out tests on BMW’s Remote app and the Mercedes-Benz mbrace app using his homemade "OwnStar" hacking tool. To no one's surprise, he discovered that he could grab app users' login information and gain some degree of control over their vehicles. He found similar problems in the Chrysler Uconnect app and the Viper Smartstart app. As Wired's Andy Greenberg reports: