TrustPoint Blog

Would you buy a house that anyone could access for $40? Volkswagen owners weren’t given the chance to consider this question when they bought their cars over the last two decades, according to Wired.

25,000,000 to 1: Your Chances of Losing the Auto Lottery

Car locks have gone digital, and it’s convenient. But with approximately four unique keys used to service one-hundred million vehicles sold over the last twenty years, Volkswagen owners are left wondering how secure their vehicles really are. A University of Birmingham team found a way to reverse-engineer those codes from within a Volkswagen vehicle itself, instantly gaining access to twenty-five million vehicles after a single use, including Audis, Porsches, and Cadillacs.

The technology is eighteen years old. NXP, the manufacturer, has recommended upgrading to more secure systems for years, although the auto industry has been slow to respond. With no immediate fix available for these vehicle owners, the only real answer is to leave nothing valuable in their cars. Accepting that these vehicles are no longer safe is the first step to solving the problem.

How Do We Protect Tomorrow’s Drivers?

Like your home, it should go without saying that your car needs its own unique key—digital or not. Twenty-five million cars to one key is an unacceptable ratio. Thankfully, today’s technology makes it entirely possible to rectify this, but the auto industry needs to meet security experts halfway.

The auto industry cannot afford to lag behind on security any longer. How do we move forward? As it stands, cars can’t accommodate the necessary software upgrades with outdated hardware. It’s simply not sustainable. Creating a new foundation to accommodate future security updates will be a key step forward.

And that foundation starts with raising awareness for vehicle security. Other industries—particularly in software—hold to the expectation of a reasonable response time in fixing security flaws. Perhaps the auto industry hasn’t caught on because compromised locks do not pose enough of an immediate safety issue to trigger a mass recall. The problem’s hardware-based nature prevents the industry from fixing this on a car-by-car basis, but the lack of attention for compromised security also removes the impetus for action. Raising awareness is where we must start.

Implementing the Solution, Not Reinventing It

The Internet of Things is here, and the automotive industry has just begun grappling with driver safety as an extension of digital security.

What happens when cars begin to connect to each other and to infrastructure around them? Security will need to be at the forefront. Waiting years to respond to a flaw will not be acceptable when lives are at stake.

Loss of life, property, and peace of mind are evidently at stake—both present and future. That is exactly TrustPoint’s vision: to build a world where we can trust our technology to keep us safe.

That vision is now a reality. Putting to use our expertise in cryptography and the automotive industry, TrustPoint is at the forefront of these types of automotive security issues and is already working on secure solutions that guarantee every vehicle has multiple, unique, digital keys.

While TrustPoint is not solving the keyless entry problem directly, we are working hard to ensure that similar mistakes are not made in the deployment of the safety-critical V2V and V2I communication. TrustPoint is a Technical Security Expert directly advising automobile manufacturers and the U.S. Department of Transportation on the security needs of the connected car.

All that’s left is to implement that security into the vehicles of tomorrow. Contact TrustPoint to learn more about securing V2V and V2X communication.