An estimated 100m cars manufactured by Volkswagen could have a security flaw that makes them vulnerable to theft, according to researchers.
A study undertaken by the University of Birmingham, UK and German engineering firm Kasper & Oswald uncovered digital security glitches that could allow millions of Volkswagen cars to be entered and started without the use of a key.
For as little as $40 (£30), would-be thieves can purchase a Arduino radio device, and use it to intercept the radio signals emitted by a key fob.
These signals could then be used to create digital clones of keys from their frequencies, giving unauthorised access to the vehicles affected.
The team of researchers say that there are two vulnerabilities in this system through which the cars can be taken over.
Through just the first attack, almost every car sold by Volkswagen Group since 1995, including the Audi and Skoda brands, could be wirelessly unlocked.
When combined with other techniques the HiTag2 and Megamos crypto systems can be overridden, disabling the immobiliser and allowing these cars to be taken. Drivers would also be unaware that their car had been compromised.
The second technique could affect millions more cars, including brands such as Ford, Opel, and Nissan.
The HiTag2 cryptosystem has been used in the cars since the 1990s, and can be broken in under 60 seconds, the researchers said.
Flavio Garcia, a computer scientist at the University of Birmingham told Wired: “The cost of the hardware is small and the design is trivial. You can really build something that functions exactly like the original remote.
“It’s a bit worrying to see security techniques from the 1990s used in new vehicles. If we want to have secure, autonomous, interconnected vehicles, that has to change.”
Car hacking has gained increasing coverage in recent years, as cars become increasingly connected. In March in the US, for example, the FBI issued a warning regarding the potential warnings hackings could cause.