German and British researchers have discovered a security flaw in remote locking systems fitted to around 100 million cars worldwide, German media reported on Thursday.
The bug affects vehicles with a remote lock activated by a key, the Sueddeutsche Zeitung (SZ) daily and public broadcasters NDR and WDR reported.
Volkswagen group is one of the hardest hit, with popular models including the Golf 4 and 6 but also vehicles from subsidiaries like Audi, Seat and Skoda on the list of vulnerable cars.
"Security systems of vehicles up to 15 years old don't demonstrate the same level of security as our more current vehicles," the auto giant acknowledged to the SZ.
Hackers are able to get around the security system by using passwords from old keys, the SZ reports—because the system did not allow for a sufficiently large number of different passwords.
The researchers were also able to record the radio signal from a specific key and use it later to open the corresponding car.
Other brands with models affected by the problem include France's Citroen, Peugeot and Renault, Italy's Fiat, German Opel, Japan's Nissan and US-based Ford.
While VW suggested in comments to the SZ that the hack was of mostly academic interest, German authorities are currently investigating the theft of a car which could have used the method described by the researchers, an anonymous security source told the paper.
But the Munich-based broadsheet also notes that car thefts have fallen significantly in recent years.
German insurance federation GDV told SZ that around 18,000 cars are stolen every year in Germany, down from 105,000 23 years ago.
Explore further: Germany demands tougher rules on emissions testing