Monday, July 29, 2013

Court stops scientists from publishing codes that could wirelessly lockpick Porsches

As reported by The Verge: Three cryptography experts from UK and Dutch universities have cracked the codes used to start luxury cars such as Audis, Bentleys, Porsches, and Lamborghinis, knowledge that could allow anyone with the right tools to wirelessly lock-pick a $300,000 car. The researchers were preparing to publish a paper in August explaining the method used to penetrate Megamos Crypto, the algorithm-based system used to verify an owner's key. However, Volkswagen's parent, which owns the four brands, has secured an injunction against the University of Birmingham's Flavio Garcia from a UK court.

The scientists argued that "the public have a right to see weaknesses in security on which they rely exposed," but a judge ruled three weeks ago that "car crime will be facilitated" if the scientists publish the algorithm. Volkswagen had asked them to publish a redacted version without the codes, but they declined. Since then, the decision has become part of a wider discussion about car security.

It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.

Reviewing scientists said they had probably used a technique called "chip slicing", which involves analyzing a chip under a microscope, taking it to pieces, and reverse engineering (inferring) the algorithm from the arrangement of the microscopic transistors on the chip itself, a process that costs around £50,000 ($77,000 USD). The judgment was handed down three weeks ago without attracting any publicity, but has now become part of a wider discussion about car manufacturers' responsibilities relating to car security.

The scientists said they examined security on everything from Oyster cards to cars to enable manufacturers to identify weaknesses and improve on them.

The injunction is a temporary step in the case brought by Volkswagen, so it's possible the decision could be reversed. In the meantime, we'll be on the lookout for PhDs driving 911s.