Volkswagen key-less ignition security flaw - 2+ years spent hushing, rather than fixing...

[Jasmin]

Well, it appears we have yet another car-related security issue.

 

This time Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham, U.K. managed to discover that majority of Volkswagen cars and a fairly high volume of cars from other manufacturers using 'key-less' security chips from EM Microelectronic are easily hackable due to outdated encryption systems.

 

According to the researchers, chip which should prevent the engine from starting if it's not in the near vicinity to the twin-chip built into the car and which according to the company itself should be uncopyable, can be, in fact, easily mapped and reproduced after recording the transmission just twice - one of the core issues is that it uses 96-bit encryption... Apparently we are back in the 90's when it comes to luxurious cars.

 

Now the best part - security flaw was discovered back in 2012 and the chip producer was given 9 months to address the issue. Of course how could we expect the car industry to do anything if they can just sue the researches after the timer ran out, preventing them from publishing the research for over 2 years. Way to go VW, 196,607 possible keys are definitely good enough, good gods, no Amiga A1000 could handle it in a reasonable amount of time after all. I hope IBM is providing you with good maintenance on your RAMAC 305 supercomputer!

 

A VW spokesman responded: "Volkswagen maintains its electronic as well as mechanical security measures technologically up-to-date and also offers innovative technologies in this sector."

 

Yea, sure...

 

List of cars that are affected for 100%:

 

 

Sauce & the other Sauce

[Syntaxvgm]

oooh kinda like the 50 cent GM ignition problem? 

[brownninja97]

Now this is quite a big problem.

[Windows2000]

Daewoo motors went bankrupt, Kia's on here but Hyundai isn't...

Hmm.... (Korean motor companies...)

[,,,,,,,,,,,,,,,,,,,,,,,,,,]

oooh kinda like the 50 cent GM ignition problem? 

 

My mom had to get hers fixed lol. They did it free then charged her $50 for a "ding" on the rental car...

[TheGeeker]

AHHHH. WE HAVE A SPARK AHHH

[soaringchicken]

Wow, this sort of attitude just pisses me off, and I thought Volkswagen was one of the better car manufacturers. 

[Guest]

Is the Cvic Hybrid affected as well?

[Chugle]

Wonderful.

[ZetZet]

Wow, this sort of attitude just pisses me off, and I thought Volkswagen was one of the better car manufacturers. 

Volkswagen is good value and it's the largest car manufacturer too.

[Syntaxvgm]

My mom had to get hers fixed lol. They did it free then charged her $50 for a "ding" on the rental car...

wow....just....wow   

I have the opposite problem

I can pull my key out of the ignition...and my car will still run 

yay Chrysler 

[sirtoby]

Volkswagen is good value and it's the largest car manufacturer too.

The problem here is, that VW makes cars I'd actually want to buy. There might be great deals for used Volkswagen though

My biggest problem is that they haven't bloody fixed the problem. You don't run around for two years, fucking people after being diagnosed with AIDS, and the only other person who knows it isn't allowed to tell anybody. Dishonesty like that makes me really angry. And the fact, that with all the electronics we have in our cars now a days there is no way to have software updates over the air. Because at some point there will be a security issue and then we'll have a GM ignition 2

[ZetZet]

The problem here is, that VW makes cars I'd actually want to buy. There might be great deals for used Volkswagen though

My biggest problem is that they haven't bloody fixed the problem. You don't run around for two years, fucking people after being diagnosed with AIDS, and the only other person who knows it isn't allowed to tell anybody. Dishonesty like that makes me really angry. And the fact, that with all the electronics we have in our cars now a days there is no way to have software updates over the air. Because at some point there will be a security issue and then we'll have a GM ignition 2

As far as I can tell this only ever changes anything if someone is trying to steal your car. And trust me, with or without this, if someone decides to steal your car it's gone, changes nothing. If you are afraid of theft get insurance, that's about all you can do.

 

Only security flaws you should be concerned with are the ignition kill switches and stuff.

[Imabigmac]

You don't run around for two years, fucking people after being diagnosed with AIDS, and the only other person who knows it isn't allowed to tell anybody. 

 

Well, that's a new one. 

 

 

 

OT: Automakers better pull their heads out of their behinds because the world is no longer stupid when it comes to electronics from the last decade. 

[sirtoby]

As far as I can tell this only ever changes anything if someone is trying to steal your card. And trust me, with or without this, if someone decides to steal your car it's gone, changes nothing.

The key isn't the problem here. VW is. First they dare to use a 96-Bit encryption and then they can't come up with a solution when it inevitably fails. 

[captain cactus]

 And the fact, that with all the electronics we have in our cars now a days there is no way to have software updates over the air.

Unless you have a Tesla, but we all know how the competition thinks of them.

 

OT: This should be regulated by law. If one finds an exploit, he/she should report it to the car manufacturer who must then test it and fix it, either via an OTA update or with a recall, within, lets say 6 months. Cars are jammed with technology these days, so manufacturers should treat them like your every day computer, meaning that once an exploit is found, they should fix it.

[soaringchicken]

Volkswagen is good value and it's the largest car manufacturer too.

Wasn't saying that it wasn't, both of my parents own volkswagens and they're both mostly great. It's just the lazy attitude that these massive car manufacturers have in regard to these types of issues pisses me off.

[Pesmerga]

awww yisss, looks like my car is in there! Great! >_>

[mikeeginger]

wow car companies are soooo behind 

Dont they have any common sense at all?

[AlwaysFSX]

Heyoooooo, effects nothing I care about.

 

Awesome.

[You_are_a_cunt]

Just tried this on a coworker's Daewoo Matiz. Didn't work I'm disappoint.

[TheSLSAMG]

Looks like we're okay (Q5 in the family.)

[zacRupnow]

---

I wanted to find the treasure again, forgot how fucking long it takes to read your signature. :lol:

[Beskamir]

If car manufactures don't change their attitudes then they really will be replaced by tech companies like apple/google and car manufactures that actually know the importance of quickly fixing problems.