An estimated 100m cars manufactured by Volkswagen could have a security flaw that makes them vulnerable to theft, according to researchers.

A study undertaken by the University of Birmingham, UK and German engineering firm Kasper & Oswald uncovered digital security glitches that could allow millions of Volkswagen cars to be entered and started without the use of a key.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

For as little as $40 (£30), would-be thieves can purchase a Arduino radio device, and use it to intercept the radio signals emitted by a key fob.

These signals could then be used to create digital clones of keys from their frequencies, giving unauthorised access to the vehicles affected.

The team of researchers say that there are two vulnerabilities in this system through which the cars can be taken over.

Through just the first attack, almost every car sold by Volkswagen Group since 1995, including the Audi and Skoda brands, could be wirelessly unlocked.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

When combined with other techniques the HiTag2 and Megamos crypto systems can be overridden, disabling the immobiliser and allowing these cars to be taken. Drivers would also be unaware that their car had been compromised.

The second technique could affect millions more cars, including brands such as Ford, Opel, and Nissan.

The HiTag2 cryptosystem has been used in the cars since the 1990s, and can be broken in under 60 seconds, the researchers said.

Flavio Garcia, a computer scientist at the University of Birmingham told Wired: “The cost of the hardware is small and the design is trivial. You can really build something that functions exactly like the original remote.

“It’s a bit worrying to see security techniques from the 1990s used in new vehicles. If we want to have secure, autonomous, interconnected vehicles, that has to change.”

Car hacking has gained increasing coverage in recent years, as cars become increasingly connected. In March in the US, for example, the FBI issued a warning regarding the potential warnings hackings could cause.