UK court prohibits scientist from publishing car-starting secret codes
Tue, 30 Jul 2013
Three university scientists from England and the Netherlands figured out how to unlock and start Volkswagen-owned luxury vehicles wirelessly without the key, and compiled their findings in an academic paper. The scientists claimed that the research was intended to increase security for everyone, and while that might be true if the codes needed to crack the secret algorithm were never to be published, they planned to publish the paper at the Usenix Security Symposium in Washington, DC, next month.
Fortunately for those who own a Bentley, Lamborghini, Audi or Porsche (and other unmentioned brands), a UK judge imposed an injunction against the England-based scientist, Flavio Garcia, to not attend the symposium, The Guardian reports, recognizing that the information could result in the theft of many vehicles. The other two scientists, Roel Verdult and Baris Ege from Radboud University Nijmegen, won't attend, either.
The algorithm, called Megamos Crypto, allows the key to communicate with the vehicle by deciphering and reordering the codes sent between the two, acting both as a translator of sorts and a safety barrier. With the wrong key in hand – or no key – the car won't function, unless the algorithm has been bypassed another way.
For its part, Volkswagen was actually okay with the paper – Dismantling Megamos Cryptos: Wirelessly Lockpicking a Vehicle Immobiliser – being published, but only if the offending codes were redacted. The scientists, of course, refused.
We appreciate the scientists' effort to increase security by learning the weaknesses of the systems that protect us, but we would rather not have that information in the public domain. With the codes in the wrong hands, who knows what could happen next.
By Damon Lowney