A team of researchers at the Usenix security conference in Texas have revealed a number of a security vulnerabilities with the wireless key fobs used by car manufacturer Volkswagen.

The researchers claimed and demonstrated how a $40 Arduino device can be used to intercept wireless signals used by key fobs and then duplicate them. 

Using this method, they speculate “personal belonging left in a locked vehicle (as well as vehicle components like the infotainment system) could be stolen if a their uses the vulnerabilities of the RKE system to unlock the vehicle after the owner has left.”

“This approach is considerably more stealthy and harder to prevent than the currently known methods of theft. Moreover, since a valid rolling code usually disables the alarm syste, the theft is more likely to remain undetected for a longer period of time.”

They say “It is unclear whether such attacks on the RKE scheme are currently carried out in the wild by criminals. However, there have been various media reports about unexplained theft from locked vehicles in the last years. The security issues described in this paper could explain such incidents.”

It’s been a big week for security exposes with serious vulnerabilities for Samsung Pay and Android smartphones also being discovered.