The Independent reported on 18 August that the immobiliser fitted to more than 100 car makes had weaknesses which made it vulnerable to thieves. Details of the security lapses in the Megamos Crypto system was highlighted two years after they were first discovered because Volkswagen took legal action to block publication.
It can also be revealed that the three other immobiliser systems used by almost every major car firm have similar weaknesses, which mean thieves can override security.
In 2005, US researchers broke the security of one made by US firm Texas Instruments. To crack the security, used extensively in many Ford models, they said they used inexpensive off-the-shelf tools with minimal expertise. They concluded the protection afforded by the device was “relatively weak.” One US security system, said to be used by at least 34 car makers and fitted in more than 200 different models, was defeated in less than six minutes.
It is thought that, while these systems are still in use, car manufacturers have also continually tried to update security, but the hackers are one step ahead. Now so-called “white hat” hackers are used by car companies to help them create better protection.
All cars made in Europe must have an electronic immobiliser fitted by law, but experts have warned that cars where the ignition key has been removed and replaced by a start button are particularly prone to being stolen. In such vehicles the immobiliser transponder is the only anti-theft mechanism.
The researchers who revealed the Megamos loophole said they were surprised to find the security chips use relatively simple encryption. If someone can listen to them talk to each other – twice was all it took – they were able to discover the pattern. The key is then easily copied and the car stolen.
The researchers – Birmingham University’s Flavio Garcia and Roel Verdult and Baris Ege, from Radbound University in Nijmegan, Netherlands – recommend the industry uses more sophisticated systems. “It is surprising the industry is reluctant to migrate [to such transponders] considering the cost difference of a better chip in relation to high-end car models.”