Home Tags Skoda

Tag: Skoda

New challenges surface for VW, including a possible new defeat device...

RoadOverreader comments 21 Share this story Last week was touchy for Volkswagen Group and its profitable Audi brand. Yesterday, the German magazine Bild Am Sontag reported that the California Air Resources Board (CARB) had discovered that unspecified Audi vehicle models were running illegal software to bring carbon dioxide (CO2) emissions within legal limit under laboratory conditions.

The software, according to Bild Am Sontag, also killed CO2 emissions controls while the Audis were driven under normal conditions, much like the defeat device scandal involving VW, Audi, and Porsche vehicles that was exposed last September. This illegal software was apparently found in both gas and diesel Audi models produced up until May 2016. Neither Audi nor CARB has confirmed the reports to any outlet, including Ars Technica. The Wall Street Journal, however, spoke to anonymous sources that seemed to confirm the German magazine’s claims. Reports surfaced last November that some 800,000 Volkswagen vehicles in Europe may have been running with falsified CO2 data.

Those were said to include VW, Audi, Seat, and Skoda vehicles, most of which were diesels.

This new information concerns Audis in the US, and it includes gas vehicles as well.

According to the WSJ, “CARB technicians conducting lab tests on Audi’s vehicles made them react as if on a road by turning the steering wheel... When the cars deviated from lab conditions, their CO2 emissions rose dramatically.” WSJ is uncertain how seriously CARB is taking the discovery.
In a separate report yesterday, Reuters reported that CARB had made its discovery earlier this year. In a statement to Ars, CARB spokesperson David Clegern wrote that the agency can’t comment on an ongoing investigation. He added that CARB has been testing vehicles from all manufacturers “to determine if there are undisclosed auxiliary emissions control devices (AECDs) or defeat devices that impact those emissions.” Clegern continued: The new screening procedures are in addition to the standard certification emissions test cycles.
If illegal AECDs or defeat devices are discovered, CARB will aggressively pursue the investigation and require the manufacturer to correct the violations at its own expense.
In addition, the manufacturer may be subject to penalties, as provided by law. The CARB-Volkswagen news was preceded this weekend by news that VW Group’s former chief financial officer (CFO) Hans Dieter Pötsch is under investigation.

According to the New York Times, he is under investigation for allegedly violating securities laws by “failing to notify shareholders quickly enough of the financial risks of the diesel emissions cheating scandal.” Pötsch became a chairman on the company’s supervisory board just weeks after VW Group was accused of installing defeat devices on diesel vehicles to help them pass nitrogen oxide (NOx) emissions tests in markets around the world. Pötsch is one of a few top executives—including VW Group CEO Martin Winterkorn and Herbert Diess, a member of the company’s management board—who are openly being investigated.

Earlier this year, a former Volkswagen engineer, James Liang, became the first and thus far only VW employee to be found guilty of wrongdoing in the scandal. Even the known parts of VW Group’s ongoing scandal are still mired in negotiations and bureaucracy. Last week, US District Judge Charles Breyer declared that VW Group had until Nov. 30 to propose a plan to get 80,000 3.0L diesel vehicles off the road—whether that means fixing the cars or buying them back. Judge Breyer expressed confidence that VW Group would return to the court with “what I hope will be very good news.” Those 80,000 cars are separate from the roughly 475,000 2.0L diesel vehicles that also used illegal software to manipulate emissions.
VW Group settled that issue for nearly $15 billion—including $10.033 billion to buy the affected vehicles back and more than $4.7 billion in fines and mitigation payments.

Car lock hack affects millions of vehicles

Remote control eavesdrop clone is 'master key' Security researchers will highlight vulnerabilities in keyless entry systems that impact on the protection against theft of millions of cars at a conference tomorrow. The researchers, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, said they'd found that it was possible to clone a VW Group remote control after eavesdropping on a signal. The hack means its possible for thieves to unlock cars even if the owners have locked them. Worse yet, almost every vehicle the Volkswagen group has sold for the last 20 years – including cars badged under the Audi and Skoda brands – are potentially vulnerable, say the researchers.

The problem stems from VW’s reliance on a “few, global master keys”. El Reg asked Volkswagen’s PR team to comment on the upcoming research but we didn’t hear back at the time of going to press. We’ll update this story as and when we hear anything more. During an upcoming presentation, entitled Lock It and Still Lose It — on the (In)Security of Automotive Remote Keyless Entry Systems at the Usenix security conference (abstract below) – the researchers are also due to outline a different set of cryptographic flaws in keyless entry systems as used by car manufacturers including Ford, Mitsubishi, Nissan and Peugeot. The two examples are designed to raise awareness and show that keyless entry systems are insecure and ought to be re-engineered in much the same way that car immobilisers were previously shown to provide less than adequate protection. While most automotive immobiliser systems have been shown to be insecure in the last few years, the security of remote keyless entry systems (to lock and unlock a car) based on rolling codes has received less attention.
In this paper, we close this gap and present vulnerabilities in keyless entry schemes used by major manufacturers. In our first case study, we show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys. We show that by recovering the cryptographic algorithms and keys from electronic control units, an adversary is able to clone a VW Group remote control and gain unauthorised access to a vehicle by eavesdropping a single signal sent by the original remote. Secondly, we describe the Hitag2 rolling code scheme (used in vehicles made by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford among others) in full detail. We present a novel correlation-based attack on Hitag2, which allows recovery of the cryptographic key and thus cloning of the remote control with four to eight rolling codes and a few minutes of computation on a laptop. Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles. Garcia was previously blocked from giving a talk about weaknesses in car immobilisers following a successful application to a British court by Volkswagen.

This earlier research on how the ignition key used to start cars might be subverted was eventually presented last year, following a two year legally enforced postponement. The latest research shows how tech-savvy thieves might be able to unlock cars locked by the vehicles' owners without covering how their engines might subsequently be turned on. Wired reports that both attacks might be carried out using a cheap $40 piece of radio hardware to intercept signals from a victim’s key fob.

Alternatively, a software defined radio rig connected to a laptop might be employed.

Either way, captured data can be used to make counterfeit kit. ® Sponsored: 2016 Cyberthreat defense report