Published in News

Scientist banned from revealing security codes

by on30 July 2013



Volkswagen gets injunction

A UK court has slapped an injunction on a security expert who has cracked security system of cars including Porsches and Bentleys. The British-based computer scientist Flavio Garcia, has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis. The judge was worried that it could lead to the theft of millions of vehicles.

Garcia, a lecturer in computer science, who has cracked the security system by discovered the unique algorithm that allows the car to verify the identity of the ignition key. The system called Megamos Crypto is supposed to protect luxury cars under the Volkswagen umbrella. Volkswagen complained that the publication could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car".  The cars are protected by a system called Megamos Crypto, an algorithm which works out the codes that are sent between the key and the car.

The researchers wanted to publish their paper at the well-respected Usenix Security Symposium in Washington DC in August, but the court has imposed an interim injunction. Volkswagen had asked the scientists to publish a redacted version of their paper – Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser without the codes, but they said no. 

Garcia and his colleagues from the Stichting Katholieke Universiteit, Baris Ege and Roel Verdult, said they were "responsible, legitimate academics doing responsible, legitimate academic work" and their aim was to improve security for everyone, not to give criminals a helping hand at hacking.

They argued that "the public have a right to see weaknesses in security on which they rely exposed". Otherwise, the "industry and criminals know security is weak but the public do not".

Rate this item
(0 votes)