Remote keyless entry was once a luxury, but today it's rare to find a car that doesn't have it. Given that it's everywhere, you would expect that any possible kinks have been worked out, but you'd be wrong.
In fact, a popular model of keyless entry that uses a Megamos Crypto transponder turns out to be not as secure as car makers thought. It leaves Volkswagen, Chevy, Audi, Fiat, Honda, Volvo, Porsche, Cadillac and other car brands vulnerable to thieves.
The problem lies in the way the transponder and fob exchange the code that tells the system to unlock. The system is supposed to have billions of possible code combinations, which make it impossible to crack.
However, researchers at Radboud University in the Netherlands and the University of Birmingham found that by intercepting the wireless signal just twice, they could narrow it down to 200,000 combinations. From there, it only takes half an hour for a computer to find the right one and unlock the car.
So, in theory, a thief could sit in a van on your street for a day as people leave for work and return home, do some number crunching with a computer for a few hours, and then steal a bunch of cars overnight. But that's not the worst part.
The researchers discovered this problem back in 2012 and quickly let Megamos Crypto know. When nothing was done, the researchers alerted Volkswagen in 2013.
Instead of fixing the problem, Volkswagen filed an injunction to keep the researchers from publishing their findings, which isn't surprising given its diesel emissions cover-up that's just now coming to light. That's why it took two years for the report to become public.
Now that it is public, we can see the list of cars that the researchers say are at risk.
At this point, there's no way to tell if any criminals are exploiting this security flaw to break into these cars. Of course, it seems like car thieves don't really need the help right now.
We know that a $32 gadget can open just about any car or garage door, flaws in Chrysler-Fiat entertainment systems could let a hacker take control of your car, cars with OnStar can be remotely hijacked and other car hacks will probably appear on a regular basis until manufacturers start taking security seriously.