Court blocks scientists from revealing hack for millions of car keys

By Hum
in Science News & Discussion

 Share

Recommended Posts

Grand Master

Hum

Posted
Posted

A group of scientists based in Britain and the Netherlands has cracked the algorithms used in keys to start Porsches, Audis, Bentleys and Lamborghinis. The scientists had planned on revealing their findings in an academic paper, but a British high court banned them from doing so for now, citing the danger of gifting such information to car hackers and thieves.

Flavio Garcia is a lecturer in computer science at the University of Birmingham, and, along with his colleagues Baris Ege and Roel Verdult from the Stichting Katholieke University in the Netherlands, dissected the codes that the keys transmit to the vehicle for unlocking and starting. The cars in question all belong to the Volkswagen, and it was VW that pleaded with the courts to block the planned unveiling of the findings at a seminar in Washington, D.C., in August.

The scientists say they aim to improve safety for everyone, uncovering existing weaknesses and sharing them with the public in an effort to drive more secure systems. The Guardian reports that during proceedings in court, it emerged that the software behind the code has been available online since 2009.

more

Mentor

Gary2MBz

Posted
Posted

Anything for the F10 BMW 5 series? They also had a guy somewhere on Forbes manipulating a Prius using a MacBook Pro and they had a video of it all! :p

 

Edit: Here is that video!

 

Grand Master

Phouchg

Posted
Posted

UK is getting worse and worse... 

 

 

Garcia's treatment is in stark contrast to the laurels being heaped on America's Charlie Miller and Chris Valasek ahead of the upcoming DefCon conference in Las Vegas. Their demonstration of how to interfere with on-board computers was accepted at the Vegas con.

Miller and Valasek connect a laptop to the diagnostic ports of a Prius and a Ford Escape, and from there, show that the laptop can issue instructions to the vehicles' ECU (electronic control unit), including steering, acceleration, braking and the horn.

As part of the leadup to DefCon, snippets of their work are getting previewed left right and centre, without a lawsuit in sight.

Even though the pair promise to release their source code after DefCon, they have a key advantage over Garcia: America's First Amendment. The fact that their work was funded by DARPA doesn't hurt, especially since Miller told the BBC the work involved destroying a few cars.

 

More (El Reg)

Grand Master

Phouchg

Posted
Posted

Why would you even want to make something like this known?

 

Because it's shoddily implemented. I quote:

"to improve safety for everyone, uncovering existing weaknesses and sharing them with the public in an effort to drive more secure systems"

 

Yes, these are actual scientists at work. Computer security is science that requires chess grandmaster thinking, command of applied mathematics, electronics, physics and generally actually know how a modern computer works. And additionally, it's an art form. Most snobby-yuppie programmistas these days don't have a clue of any of these.

Grand Master

Growled Member

Posted
  • Member
Posted

Because it's shoddily implemented. I quote:

"to improve safety for everyone, uncovering existing weaknesses and sharing them with the public in an effort to drive more secure systems"

 

May be, but it seems criminal to me to release such information. 

Grand Master

Phouchg

Posted
Posted

You reap what you sow. It's way beyond time for computer software companies to get acquainted with the long lost principle called responsibility. If you build a house and it collapses or burns down killing people or destroying property, builders are blamed, architect is blamed, building company is sued out of pants, forensics examine proper use of materials and practices. With computer security mishaps there's no such thing whatsoever. It has gone out of hand. It's always at best an open beta, but (unlike network connected PCs, consoles, phones) car systems cannot even get updates (and dog save us from fully Internet capable and connected systems, I suspect some of them already are, but I wouldn't know).

 

NIST actually endorses cracking AES and SHA, which are used... well, everywhere, it's a standard. Nobody has succeeded despite the whole world's best attempts. The problem with VW is likely that funny guys invented their own cheap algos, didn't let anybody test them, because, you see, who'll notice, right? Wrong.

Grand Master

Noir Angel

Posted
Posted

I support this move. Within a few seconds of the video hitting youtube you'd get thousands of pikeys trying to do it. Responsible disclosure of vulnerabilities is important IMO

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Dbrand thought they could get away with this Steam Machine case, Valve disagreed

      By Rosyna · Posted

      Yes, it was amusing at the time because even then dbrand was well known for stealing the designs of products from other companies. That’s what they do.
    • Dbrand thought they could get away with this Steam Machine case, Valve disagreed

      By ZipZapRap · Posted

      Didn’t Dbrand once complain that Casetify was ripping off their designs a well? seems pretty bad of them to try and get around Valve’s copyright this way with that in mind.
    • Dbrand thought they could get away with this Steam Machine case, Valve disagreed

      By David Uzondu · Posted

      Dbrand thought they could get away with this Steam Machine case, Valve disagreed by David Uzondu Image via Dbrand Dbrand has cancelled its highly anticipated Companion Cube enclosure for the Valve Steam Machine, which it teased back in November of last year with a concept render and sign-up page, because it did not ask Valve for permission first before manufacturing the case. According to Dbrand, it took the "backwards approach" of building the product first before asking for permission from the copyright holder. Seven months of work went into the project, requiring over a thousand engineering hours from the design team. Workers developed forty-four sets of injection molding tools, making a unique mold for each sub-component of the crate. When the Companion Cube went live on Monday last week, it, according to Dbrand, quickly became the second-fastest-selling product in the company's fifteen-year history, racking up orders for hundreds of thousands of units. Customers eagerly bought the $129.95 deluxe edition or the bare-bones $99.95 version, which the manufacturer cheekily branded as the "Poverty Cube". It was around this time that the legal eagles at Valve descended on the accessory maker with a formal demand. The developer pointed out that the iconic block design remains protected intellectual property from the game Portal, so unlicensed sales had to stop. Dbrand said that all its pleas to salvage the project with the Valve team, including proposals to run a properly licensed release under official terms "with their blessing", fell on deaf ears, so it had no choice but to obey and remove every trace of the product from the internet. If you bought the enclosure, the company said that banks will process your refund by the end of this week, but if it still hasn't arrived in your account by then, you should not hesitate to contact support. The Steam Machine itself is a high-performance console that Valve designed directly to bring PC gaming into the living room. It was announced on 12th November 2025 (the same day Dbrand announced the Cube) and runs on the Linux-based SteamOS, the same OS that powers the Steam Deck. As for the price, due to the shortage of memory and storage chips, the hardware cost landed much higher than people were expecting, starting at $1,049 for the 512 model (without a controller) or $1,128 with the new gamepad. The premium 2 TB model pushes those prices even higher, selling at $1,349 for the standalone console and hitting $1,428 if you want the bundle.
    • Politically funny images of the World

      By +Edouard · Posted

    • The official Funny Pictures thread

      By +Edouard · Posted

  • Recent Achievements

    • Rookie
      Almohandis went up a rank
      Rookie
    • Apprentice
      jahara21 went up a rank
      Apprentice
    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well
    • Week One Done
      NovaEdgeX earned a badge
      Week One Done
    • One Year In
      BA the Curmudgeon earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      534
    2. 2
      +Edouard
      266
    3. 3
      PsYcHoKiLLa
      148
    4. 4
      Steven P.
      97
    5. 5
      macoman
      57
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!