Scientists’ luxury car hack warning faces injunction via Volkswagen

Jul 29, 2013
2
Scientists’ luxury car hack warning faces injunction via Volkswagen

A paper has been published by Flavio Garcia of the University of Birmingham which includes access codes for a number of luxury car brands, this resulting in the Professor being served an injunction from a UK court. The paper is being called dangerous as it would, according to the brands on the other side of this court case, allow criminals to drive away with the cars in question. The paper itself, on the other hand, warns against what Professor Garcia calls "weaknesses in security" which he suggests, in so many words, that criminals are already aware of.

The paper in question was set to be published by Usenix Security Symposium in Washington DC in August, but due to this court order, it'll be held until a court session on the matter can be held. The injunction itself is being filed against Garcia as well as two colleagues of his, Baris Ege and Roel Verdul of Stichting Katholieke Universiteit, both of them cryptology experts that contributed to the paper.

Porsches, Audis, Bentleys and Lamborghinis are included in the paper, each of them with security codes set to be published if the paper ever does see the light of day. It's Volkswagen's parent that's launched this case against the scientists, that one entity owning the four luxury lines affected by the paper.

Those filing for the injunction made a specific request for the paper to be published without the codes themselves, but the paper's authors have declined. The paper itself, Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser, shines light on the system that protects the whole lot of these luxury vehicles: Megamos Crypto.

The software behind the code has been available on the internet since 2009, the team reminded The Guardian this week through their court case filings. The paper suggests that the code had been leaked to the web after the system had (likely) been broken using what the team describes as "chip slicing."

This chip slicing technique takes a computer chip from the security system and analyzes it under a microscope. The process, which the paper asserts likely cost the perpetrator around 50 thousand British pounds, analyzed the arrangement of the physical bits of the chip, inferring their abilities.

Now we've only to see what the difference is between this paper being published and the same information being available on the internet - other than the courts' control over one and not the other, of course.


Must Read Bits & Bytes