I just read this article and thought rather than hijack then(somewhat related) post on securing KESSY keys, I'd post it separately as this affects non KESSY cars as well.

"A New Wireless Hack Can Unlock 100 Million Volkswagens - WIRED"

https://apple.news/AdWEYALyZRiWRl13ahHiIXw

The question I have is if this does affect our cars? It says the Golf 7 is immune... Would that mean all MQB cars?

Also it makes me wonder if in this case, the KESSY system would actually be more secure due to its shorter range. I.e. If you lock with the touch button on the door handle, the signal between the key and handle would be so weak that a hacker theif would have to be virtually right next to you to intercept the signal.

Just goes to show that complacency by the car makers always come back to bite them..

Edit: that link may not work if you don't use apple news:

https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/

Edited 11 August, 20169 yr by Enobar

Haven't read it all but I thought that was the idea of rolling codes. Each time the central door locking system is used the code changes so if the signal is grabbed it is then out of date. And that system has been used for many years.

Whilst in theory they can unlock the car this still won't defeat the immobiliser or the steering lock. Christ if all you want to do is get in a brick will do that.

It's a known fact that someone cracked the algorithm of the rolling code system a few years ago and were stopped from revealing the fact. So even though the code changes, the key and car both need to know what the next code is going to be so they can use it. All the research team had to do was crack the system which generated the codes (they're not random generated) and they'd got access to the cars. It's not a VW specific thing either, the same rolling code system is used by may different car manufacturers. Given remote access to the key fob with a wireless transmitter/receiver they can interrogate the fob and sniff the last code used, then generate the next rolling code from the cracked algorithm, and transmit that to the car.

This really isn't news.

Haven't read it all but I thought that was the idea of rolling codes. Each time the central door locking system is used the code changes so if the signal is grabbed it is then out of date. And that system has been used for many years.

Whilst in theory they can unlock the car this still won't defeat the immobiliser or the steering lock. Christ if all you want to do is get in a brick will do that.

 

You are wrong. There is already a hack that will enable them to start a car which has KESSY or similar solution. Here is the topic about that.

 

 

Also, this is not about rolling codes either. If you want to break rolling codes, you just need to jam one so it is not used.

It is about the fact VW is using same 4 crypto keys for all cars manufactured in last 20 years. Both vulnerabilities found in the paper would allow you to create a remote so you can unlock AND lock the car as many times as you want.

 

But there is hope. According to the paper, cars on new platform like Gold Mk7 is not affected. Mk7 is on MQB so i hope S3 is not affected either. 

Yeah, I've also heard of this before this article, though this article does indicate that its a bit easier on Volkswagen due to the component having been reverse engineered meaning the hackers only need to capture a single code rather than multiple codes to crack it.  I don't really hold that against VW - eventually theives catch up to all the security systems, but I do think perhaps they let it roll a little too long before changing the technology.  

 

I do think my 2 questions still stand though:  1)  Is there less chance of having the code captured by using the touch button on the handle of a KESSY car, and 2) Is the S3 affected since the article specifically mentions the locking system in the Golf 7 is immune?  I suspect we wouldn't get a direct answer from VW, but I wonder if anyone here is clever enough to know if the locking system in the S3 is indeed the same as in the current Golf.