Keyless security flaw leaves thousands of cars vulnerable

Research has found that thousands of cars, including models from brands such as Volkswagen, Audi, Porsche, Ferrari and Honda are at risk of electronic hacking because of their susceptible keyless ignition systems. 

The issue has been discovered by researchers at Birmingham University and Radbound University in Nijmegen, The Netherlands. Specifically, they’ve highlighted the Megamos Crypto system, a keyless car security feature that’s used by many manufacturers including Volvo, SEAT, Maserati and Alfa Romeo for select models.

The system is meant to prevent a car’s engine from being started without the presence of a keyfob that contains the appropriate radio frequency identification chip. Researchers at the two universities, however, discovered they were able to intercept the signals sent between the chip and car. Then, with the aid of a commercially available computer programme, the secret codes in the signal could be identified.

Last year, around 6,000 vehicles were stolen without their keys last year, according to the Metropolitan Police. This accounted for nearly half of all of car thefts. The discovery from the university researchers could go some way to explaining some or even the majority of these particular car thefts.

The research paper from the two universities investigating the flawed keyless system have recommended that a chip system that includes a random number generator would be a better alternative. That’s because it would be harder for hackers to use intercepted transmissions to break cars’ security codes.

In their paper, the researchers conclude: “The implications of the attacks presented in this paper are especially serious for those vehicles with keyless ignition. At some point the mechanical key was removed from the vehicle but the cryptographic mechanisms were not strengthened to compensate.”

Join the newsletter

Get the latest news, reviews and guides every week. Update your preferences at any time.