Over a 100 million cars made by Volkswagen (VW) are believed to be vulnerable to hacks that could let thieves unlock them remotely through a wireless signal, according to security researchers.
Computer experts at the University of Birmingham, Flavio Garcia and David Oswald, have uncovered two flaws in VW's keyless entry systems that could allow hackers to remotely unlock over 100 million cars sold by the firm since 1995.
The first vulnerability gives hackers the ability to remotely break into nearly every car VW has sold since 2000, while the second impacts "millions" more vehicles including models from Ford, Peugeot and Citroen.
Both attacks rely on "widely available" Arduino hardware (below) that costs as little as 30 quid. This can intercept signals transmitted wirelessly through the air via key fob and then clone said key.
The second attack is a bit more complex, and is a cryptographic scheme called HiTag 2. An attacker would need to use a radio setup like that used in the regular Volkswagen hack, intercepting special codes from drivers' key fobs and collecting codes that would eventually result in an unlock.
"We discovered that the RKE [remote keyless entry] systems of the majority of VW Group vehicles have been secured with only a few cryptographic keys that have been used worldwide over a period of almost 20 years," the researchers wrote.
"Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles."
The researchers are now going to investigate if the attack has been used by criminals in the real world.
VW has since spoken out about the flaws, and has worryingly said that "there is no 100 per cent guarantee for security".
"On one hand, criminals are equipped with sophisticated tools, and on the other hand, theft protection is impacted by the fact that we have to provide access to the OBD interface (onboard diagnosis) as well as the processes and documents in connection to these systems.
"The bar for theft prevention is constantly being raised, but ultimately there is no 100 per cent guarantee for security.
"The responsible department at Volkswagen Group is in contact with the academics mentioned and a constructive exchange is taking place. The findings obtained will serve to further improve the security technology."
It is not the first time VW has been put under the microscope by the security researchers, with the firm going as far as getting a High Court injunction in the past to stop them revealing hack details for their vehicles.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago