These are the salient parts of the paper that apply to us.
We have RKE(Remote Keyless Entry and not PKES (Passive Keyless Entry and Start)
1.1.3 Remote Keyless Entry Systems
RKE systems rely on a unidirectional data transmission from the remote control, which is embedded in the car key, to the vehicle. Upon pressing a button, an active Radio Frequency (RF) transmitter in the remote control usually generates signals in a freely usable frequency band. These include the 315 MHz band in North America and the 433 MHz or 868 MHz band in Europe, with a typical range of several tens to hundreds of meters. Note that a few old cars have been using infrared technology instead of RF. RKE systems enable the user to comfortably lock and unlock the vehicle from a distance, and can be used to switch on and off the anti-theft alarm, when present. The first remote controls for cars used no cryptography at all: The car was unlocked after the successful reception of a constant “fix code” signal. Replay attacks on these systems are straightforward. We encountered a Mercedes Benz vehicle manufactured around 2000 that still relies on such fix code RKE systems. The next generation of RKE systems are so-called rolling code systems, which employ cryptography and a counter value that is increased on each button press. The counter value (and other inputs) form the plaintext for generating a new, encrypted (or otherwise authenticated) rolling code signal. After decryption/verification on the side of the vehicle, the counter value is checked by comparing it to the last stored counter value that was recognized as valid: An increased counter value is considered new and thus accepted. A rolling code with an old counter value is rejected. This mechanism constitutes an effective protection against replay attacks, since a rolling code is invalidated once it has been received by the vehicle. The cryptographic mechanisms behind rolling code systems are further described in Section 2. In principle, such unidirectional rolling code schemes can provide a suitable security level for access control. However, as researchers have shown in the case of Keeloq in 2008, the security guarantees are invalidated if they rely on flawed cryptographic schemes: Keeloq was broken both by cryptanalysis [7, 15] and, in a more realistic setting, by sidechannel attacks on the key derivation scheme executed by the receiver unit [12, 17]. Although it is frequently mentioned that Keeloq is widely used for for vehicle RKE systems, our research indicates that this system is prevalently employed for garage door openers. Another attack, targeting an outdated automotive RKE scheme of an unspecified vehicle (built between 2000 and 2005), was demonstrated by Cesare in 2014 [9]: An adversary has to eavesdrop three subsequent rolling codes. Then, using phase-space analysis, the next rolling code can be predicted with a high probability. However, apart from this attack the cryptographic security of automotive RKE systems has not been investigated to our knowledge. In particular, a large-scale survey and security analysis of very wide-spread rolling code systems has not been carried out. A different, simple but effective method used by criminals to break into cars is to jam the RF communication when the victim presses the remote control to lock the car. The victim may not notice the attack and thus leave the car open. A variant of the attack is “selective jamming”, i.e., a combined eavesdropping-and-jamming approach: The transmitted rolling code signal is monitored and at the same time jammed, with the effect that the car is not locked and the attacker possesses a temporarily valid (one-time) rolling code. Consequently, a car could be found appropriately locked after a burglary. This approach was first mentioned in [17] and later practically demonstrated by [16,27]. Note that one successful transmission of a new rolling code from the original remote to the car usually invalidates all previously eavesdropped rolling codes, i.e., the time window for the attack is relatively small. Furthermore, it is usually not possible to change the signal contents, for example, convert a “lock” command into an “unlock”. This limitation is often overlooked (e.g. in [16, 27]) and severely limits the practical threat posed by this type of attack.
3.4 The VW-4 Scheme
In newer VW Group vehicles from approximately 2009 onwards, we found an RKE system that has the same encoding and packet structure as VW-3 (although with a different start pattern), but does not employ the AUT64 cipher. For this system VW-4 the analysis of the respective ECU firmware revealed that the XTEA cipher [24] is used to encrypt a rolling code packet with a format otherwise identical to VW-3 (cf. Figure 7). XTEA is a block cipher based on a 64-round Feistel structure with 64-bit block size and 128-bit key. Due to the structure of the round function based on Addition, Rotate, XOR (ARX) operations, it is well suited for lightweight software implementations required for low-end and low-power devices like RKE remotes. The best known cryptanalytical attack on XTEA [22] is of theoretical nature (relatedkey rectangle attack on 36 rounds with 2 63.83 byte of data and 2 104.33 steps) and hence not relevant in the context of RKE systems. However, again we found that a single, worldwide key is used for all vehicles employing the VW-4 system. The same single point of failure of the older systems VW-1–VW-3 is hence also present in recently manufactured vehicles. For example, we found this scheme implemented in an Audi Q3, model year 2016, and could decrypt and generate new valid rolling codes to open and close this vehicle (and numerous other VW Group vehicles, cf. Section 3.5.1).
3.5.2 Temporary Countermeasures
Completely solving the described security problems would require a firmware update or exchange of both the respective ECU and (worse) the vehicle key containing the remote control. Due to the strict testing and certification requirements in the automotive industry and the high cost of replacing or upgrading all affected car keys in the field, it is unlikely that VW Group can roll out such an update in the short term. Hence, we give recommendations for users of affected vehicles in the following. The well-known advice (see e.g. [25]) to verify that a vehicle was properly locked with the remote control (blinking direction lights, sound) is no longer sufficient. An adversary may have eavesdropped the “lock” signal from a distance of up to 100 m and generate a new, valid “unlock” rolling code any time later. Preventing or detecting the eavesdropping of RF signals is impractical. Hence, the only remaining (yet impractical) countermeasure is to fully deactivate or at least not use the RKE functionality and resort to the mechanical lock of the vehicle. Note that in addition, for many cars, the alarm will trigger after a while if the car doors or the trunk are mechanically opened, unless the immobilizer is disarmed with the original key. With respect to forensics, there are several potential indicators (due to the nature of rolling code schemes) that the remote control may have been cloned: If the vehicle does not unlock on the first button press, this could imply that an adversary has sent valid rolling codes with counter values greater than the one stored in the original remote control. Note that no traces of the attack are left once the counter in the original remote control has caught up with the increased value stored in the car. Further, a complete blocking of the remote control (see above) may be an indicator (e.g., for insurance related court cases) that the RKE system was attacked. It should however be taken into account that, according to our practical tests, the remote control will also be blocked if the car receives a counter that is increased by more than 250 compared to the last stored value—this could for example happen if the remote control buttons are pushed many times while not in the range of the vehicle.
