Researchers Reveal Security Flaw in Widely Used Keyless Entry System

Computer researchers in Europe have released details of a security weakness in keyless entry systems used by several carmakers.

The flaw was discovered three years ago. But Volkswagen AG, which uses the system in most of its vehicles, sued the cybersecurity experts at the University of Birmingham in the U.K. and Radboud University in the Netherlands to suppress their findings.

The researchers presented a highly abridged version of their work in 2013. They presented their original paper at this week's USENIX Security Symposium in Washington, D.C.

The security weakness affects certain Audi, Bentley, Fiat, Honda, Lamborghini, Porsche and Volvo vehicles and others, according to media reports.

The problem involves the widely used Megamos Crypto transponder introduced 20 years ago. The encryption system's 96-bit algorithm, which is still being widely used today, immobilizes a vehicle unless it is paired with an authorized nearby electronic key.

The university researchers were able to break into the system in 30 minutes. They say the flaw they found cannot be fixed with a software patch. Instead, carmakers would need to physically replace the remote access key fob and in-car electronics in each affected vehicle.