3.5.1 Vulnerable Vehicles
Our findings affect amongst others the following
VW Group vehicles manufactured between
1995 and 2016. Cars that we have practically tested
are highlighted in bold. Note that this list is not exhaustive,
as we did not have access to all types and
model years of cars, and that it is unfortunately not
clear if and when a car model has been upgraded to
a newer scheme.
Audi: A1, Q3, R8, S3, TT, various other types of
Audi cars (e.g. remote control part number 4D0 837
231)
VW: Amarok, (New) Beetle, Bora, Caddy,
Crafter, e-Up, Eos, Fox, Golf 4, Golf 5, Golf
6, Golf Plus, Jetta, Lupo, Passat, Polo, T4, T5,
Scirocco, Sharan, Tiguan, Touran, Up
Seat: Alhambra, Altea, Arosa, Cordoba, Ibiza,
Leon, MII, Toledo
Škoda: City Go, Roomster, Fabia 1, Fabia 2,
Octavia, SuperB, Yeti
It is conceivable that all VW Group (except for
some Audi) cars manufactured in the past and partially
today rely on a “constant-key” scheme and are
thus vulnerable to the attacks described in this paper,
except for those cars that rely on the latest platform,
e.g., the Golf 7 for VW.
Note that
identical VW Group cars are sold under
different names in other countries, e.g., some Golf
versions were sold as “Rabbit” in North America.
We have tested some remote controls operating at
315 MHz, e.g., for the US market, and found them to
be vulnerable to our attacks as well, i.e., the only difference
to their European counterparts is the operating
frequency. Furthermore, cars of different brands
may share the same basic technology, e.g., we found
some model years of Ford Galaxy that have the same
flawed RKE system as their VW Group derivatives
VW Sharan and Seat Alhambra