Team-BHP - UK scientist banned from revealing code to crack Volkswagen car security systems

Team-BHP reader Manas Kumar sends us this interesting link.

Reproducing excerpts of an article from the Guardian,

Quote:

A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled.

The high court imposed an injunction on the University of Birmingham's Flavio Garcia, a lecturer in computer science, who has cracked the security system by discovering the unique algorithm that allows the car to verify the identity of the ignition key.

The UK injunction is an interim step in a case launched by Volkswagen's parent, which owns the four luxury marques, against Garcia and two other cryptography experts from a Dutch university.

It complained that the publication could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car". The cars are protected by a system called Megamos Crypto, an algorithm which works out the codes that are sent between the key and the car.

In a nutshell, the academic paper that the computer scientists intended to publish might affect many luxury cars already sold across the world as international car theft gangs could use the vulnerabilities in car security systems discovered through the paper, and steal high end cars. So, a UK Court, upon Volkswagen's petition, has issued an injunction preventing the computer scientists from publishing the academic paper. Now, it'll be interesting to see what the Volkswagen group does to upgrade the security systems of its high end cars.

Cheers,

Jay

thats a one sided judgement.

VW and others need to see this as positively and thank the team that they pointed out the vulnerability of the system, instead of stopping the paper from publishing.

It's as simple as using the data to make the system foolproof rather than avoiding the situation.

The court might have ruled in favour of car companies, still court should have asked those companies for a plan to come up with solutions.

Imagine a situation when the paper is sold to a nexus at a huge sum. Why create black market opportunity for Car thief nexus and try to grab the research paper.

What an excellent movie plot it is.

Interesting VW only stopped them from publishing the codes and not the paper. They are free to publish the paper without the codes. But they have got all the limelight they could dream of already.

Question is how soon is VW going to act on this security vulnerability and upgrade the systems of these luxury cars. Just a court ban would not stop this information from getting into the wrong hands.

Quote:

Originally Posted by Thad E Ginathom (Post 3194588)

The court action and order have quite possibly had more publicity than the presentation would have. Own Goal, VW :Frustrati

It is not :Frustrati, rather lol:

Quote:

A realtively small handful of geeks would have pondered over some deeply technical stuff. Instead, now, everybody knows that there is "something wrong" with VW luxury security.

And a million other people would now start writing their own codes to hack the system. So the original inventor / hacker gets nothing but a court judgement, whereas other newbie inventors would get a job in VW (sometime later) to fix the gap.
If I would have some power at VW, I would have asked Mr Garcia, to join VW and help me fixing those security loopholes.
What a waster opportunity by VW. sic sic