Go Back   Team-BHP > BHP Worldwide > The International Automotive Scene

Thread Tools Search this Thread
Old 17th August 2015, 12:15   #1
Senior - BHPian
Tushar's Avatar
Join Date: Oct 2014
Location: Mumbai
Posts: 1,137
Thanked: 8,237 Times
Default VW spends years trying to conceal security flaw

Hacking is usually a term associated with computers or most electronic devices. However, with cars getting increasingly dependent on electronics, it looks like convenience features are being turned into a security threat. According to a report by Bloomberg, hackers target vulnerabilities in electronic locks and immobilizers, and the crime now accounts for 42% of stolen vehicles in London. BMWs and Range Rovers are said to be particularly at risk, and police say, a technically sound criminal can gain access to a car in as quickly as 60 seconds.

A similar vulnerability was identified in keyless vehicles, which are made by several car manufacturers. The weakness in question affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers. The research team first took its findings to the manufacturer of the affected chip in February 2012 and then to Volkswagen in May 2013. Volkswagen then filed a lawsuit to block the publication of the paper stating that it would increase the risk of their cars being stolen.

After lengthy negotiations, the paper by Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham, U.K, will now be presented at the USENIX security conference in Washington, D.C., albeit with one sentence giving an explicit description of a component of the calculations on the chip being removed.

The authors highlight how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by hackers and used to steal high end vehicles. The Megamos transponder is a commonly used immobilizer transponder in VW group vehicles including those from Audi, Porsche, Bentley and Lamborghini. Certain cars made by brands such as Fiat, Honda, Volvo and Maserati use the system as well. Other products like the DST transponder and KeeLoq too, have been targeted.

In order to fix the problem, manufacturers will have to replace the RFID chip in the keys and the transponders in the cars, which will entail a significant labour cost and will be a logistical challenge.

VW spends years trying to conceal security flaw-2.jpg

Name:  1.png
Views: 1830
Size:  75.8 KB

Last edited by Tushar : 17th August 2015 at 12:24.
Tushar is offline   (15) Thanks Reply With Quote
Old 18th August 2015, 11:45   #2
Join Date: Jul 2015
Location: Coimbatore
Posts: 636
Thanked: 768 Times
Default Re: VW spends years trying to conceal security flaw

While the usage of electronics for security, vehicle theft has become complex for short term thieves. However, technically capable criminals can anyway gain access. Only that the way the thefts used to take place has changed now.
Apart from vehicle theft, there are many such dangerous possibilities in the future, with cars that can be connected to internet.
One concept is, a car would use the normal internet to connect to another car, with the aim to get the real time information about the places the car is travelling. For e.g if there is a road work in progress, which is not mentioned in the Maps, a car which has already travelled that location (car coming from opposite direction) would pass such information.
The driver can go majority of the time in cruise control, and the car would adaptively change the speed according to the real time information received from internet, and the information received from sensors all around.
These are certain advanced concepts planned for high end cars, which would anyway make way to low end cars with the passage of time.
When such technologies are adapted by mass market, consider the havoc if there is a security hole targeted by a web based criminal. Such as a hacker gets in to the system, provides incorrect map data, or controls the car speed abnormally. The possibilities can range from the passengers landing into a wrong destination to severe accidents!
The other side of technological advancement! Now even the Police force have to be technically equipped accordingly to prevent such instances and nail the criminals.
hybridpetrol is offline   (1) Thanks Reply With Quote
Old 18th August 2015, 22:58   #3
Distinguished - BHPian
Join Date: Jul 2009
Location: Kolkata
Posts: 3,276
Thanked: 1,635 Times
Default Re: VW spends years trying to conceal security flaw

Slightly more details here.
or for those who can access

Wonder if VW owns Megamos Crypto.


Last edited by Sutripta : 18th August 2015 at 23:05.
Sutripta is offline   (1) Thanks Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Baleno Camshaft Position Sensor - Inherent Flaw?? aNiLdEv Technical Stuff 9 2nd November 2009 09:06
Potential security flaw: Maruti's online database mixes up customer details meerkat The Indian Car Scene 23 14th August 2009 23:15
Trying to save my lovely boy (my 6 and half years old boxer) vinayvtec Shifting gears 49 19th May 2009 14:43
UK Honda Civic owners warned of flaw iTNerd The International Automotive Scene 1 25th March 2008 23:09

All times are GMT +5.5. The time now is 18:55.

Copyright 2000 - 2016, Team-BHP.com
Proudly powered by E2E Networks