Jump to content



Photo
britain netherlands algorithms academic paper dissected codes exotic cars

  • Please log in to reply
12 replies to this topic

#1 Hum

Hum

    totally wAcKed

  • 62,931 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 30 July 2013 - 00:07

A group of scientists based in Britain and the Netherlands has cracked the algorithms used in keys to start Porsches, Audis, Bentleys and Lamborghinis. The scientists had planned on revealing their findings in an academic paper, but a British high court banned them from doing so for now, citing the danger of gifting such information to car hackers and thieves.

Flavio Garcia is a lecturer in computer science at the University of Birmingham, and, along with his colleagues Baris Ege and Roel Verdult from the Stichting Katholieke University in the Netherlands, dissected the codes that the keys transmit to the vehicle for unlocking and starting. The cars in question all belong to the Volkswagen, and it was VW that pleaded with the courts to block the planned unveiling of the findings at a seminar in Washington, D.C., in August.

The scientists say they aim to improve safety for everyone, uncovering existing weaknesses and sharing them with the public in an effort to drive more secure systems. The Guardian reports that during proceedings in court, it emerged that the software behind the code has been available online since 2009.

more




#2 FloatingFatMan

FloatingFatMan

    Resident Fat Dude

  • 15,946 posts
  • Joined: 23-August 04
  • Location: UK

Posted 30 July 2013 - 05:40

Tut tut, Hum. You know about searching first! :p

 

http://www.neowin.ne...er-key-pairing/



#3 Gary2MBz

Gary2MBz

    Sneakier than your worst nightmare.

  • 1,609 posts
  • Joined: 05-November 07
  • Location: Somewhere in LA...
  • OS: Windows 8.1 Update 1 Pro x64
  • Phone: AT&T iPhone 5 32GB - White & Silver

Posted 30 July 2013 - 06:31

Anything for the F10 BMW 5 series? They also had a guy somewhere on Forbes manipulating a Prius using a MacBook Pro and they had a video of it all! :p

 

Edit: Here is that video!

 



#4 +Phouchg

Phouchg

    Resident Misanthrope

  • 5,689 posts
  • Joined: 28-March 11
  • Location: Neowin Detainment Camp

Posted 30 July 2013 - 18:09

UK is getting worse and worse... 

 

 

Garcia's treatment is in stark contrast to the laurels being heaped on America's Charlie Miller and Chris Valasek ahead of the upcoming DefCon conference in Las Vegas. Their demonstration of how to interfere with on-board computers was accepted at the Vegas con.

Miller and Valasek connect a laptop to the diagnostic ports of a Prius and a Ford Escape, and from there, show that the laptop can issue instructions to the vehicles' ECU (electronic control unit), including steering, acceleration, braking and the horn.

As part of the leadup to DefCon, snippets of their work are getting previewed left right and centre, without a lawsuit in sight.

Even though the pair promise to release their source code after DefCon, they have a key advantage over Garcia: America's First Amendment. The fact that their work was funded by DARPA doesn't hurt, especially since Miller told the BBC the work involved destroying a few cars.

 

More (El Reg)



#5 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 30 July 2013 - 18:13

Why would you even want to make something like this known?



#6 Defiantly

Defiantly

    In Capsa Vino Veritas!

  • 1,566 posts
  • Joined: 30-October 01
  • Location: Southampton, PA. USA.
  • OS: Human
  • Phone: IPhone 5S

Posted 30 July 2013 - 18:46

"Scientists"  LOL.



#7 Yusuf M.

Yusuf M.

  • 21,362 posts
  • Joined: 25-May 04
  • Location: Toronto, ON
  • OS: Windows 8.1 Pro
  • Phone: OnePlus One 64GB

Posted 30 July 2013 - 18:48

"Scientists"  LOL.

They're the ones that cracked it. What would you prefer to call them?



#8 Defiantly

Defiantly

    In Capsa Vino Veritas!

  • 1,566 posts
  • Joined: 30-October 01
  • Location: Southampton, PA. USA.
  • OS: Human
  • Phone: IPhone 5S

Posted 30 July 2013 - 18:58

They're the ones that cracked it. What would you prefer to call them?

I dunno, but the words "Science" and "Scientist" are thrown around awful lightly these days.



#9 +Phouchg

Phouchg

    Resident Misanthrope

  • 5,689 posts
  • Joined: 28-March 11
  • Location: Neowin Detainment Camp

Posted 30 July 2013 - 19:25

Why would you even want to make something like this known?

 

Because it's shoddily implemented. I quote:

"to improve safety for everyone, uncovering existing weaknesses and sharing them with the public in an effort to drive more secure systems"

 

Yes, these are actual scientists at work. Computer security is science that requires chess grandmaster thinking, command of applied mathematics, electronics, physics and generally actually know how a modern computer works. And additionally, it's an art form. Most snobby-yuppie programmistas these days don't have a clue of any of these.



#10 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 30 July 2013 - 19:27

Because it's shoddily implemented. I quote:

"to improve safety for everyone, uncovering existing weaknesses and sharing them with the public in an effort to drive more secure systems"

 

May be, but it seems criminal to me to release such information. 



#11 LaP

LaP

    Forget about it

  • 5,984 posts
  • Joined: 10-July 06
  • Location: Quebec City, Canada
  • OS: Windows 8.1 Pro Update 1

Posted 30 July 2013 - 19:29

So those companies prefered to give money to lawyers instead of paying those guys to keep the secret?

#12 +Phouchg

Phouchg

    Resident Misanthrope

  • 5,689 posts
  • Joined: 28-March 11
  • Location: Neowin Detainment Camp

Posted 30 July 2013 - 19:40

You reap what you sow. It's way beyond time for computer software companies to get acquainted with the long lost principle called responsibility. If you build a house and it collapses or burns down killing people or destroying property, builders are blamed, architect is blamed, building company is sued out of pants, forensics examine proper use of materials and practices. With computer security mishaps there's no such thing whatsoever. It has gone out of hand. It's always at best an open beta, but (unlike network connected PCs, consoles, phones) car systems cannot even get updates (and dog save us from fully Internet capable and connected systems, I suspect some of them already are, but I wouldn't know).

 

NIST actually endorses cracking AES and SHA, which are used... well, everywhere, it's a standard. Nobody has succeeded despite the whole world's best attempts. The problem with VW is likely that funny guys invented their own cheap algos, didn't let anybody test them, because, you see, who'll notice, right? Wrong.



#13 Javik

Javik

    Beware the tyrrany of those that wield power

  • 5,966 posts
  • Joined: 21-May 12

Posted 30 July 2013 - 20:08

I support this move. Within a few seconds of the video hitting youtube you'd get thousands of pikeys trying to do it. Responsible disclosure of vulnerabilities is important IMO