Source please, as I understand it current VW cars themselves are not vulnerable but some other VAG brands still use these vulnerable immobilizers to this day. That might be bad reporting though. The only reliable detail I have found is from the paper itself. "We understand that measures have been taken to prevent the weak key and partial key update attacks when the transponder was improperly configured."