A UK judge has banned a British computer scientist from publishing an academic paper revealing secret codes used to start a number of luxury cars from the VW Group on the grounds that it could lead to the theft of millions of vehicles, The Guardian reported.
University of Birmingham’s Flavio Garcia, a lecturer in computer science, cracked the security system by discovering the unique algorithm called Megamos Crypto, which allows the car to verify the identity of the ignition key.
The UK’s High Court imposed an injunction on Garcia in a case launched by VW Group, which owns the Audi, Bentley, Lamborghini and Porsche premium brands. Two other cryptography experts from Holland’s Stichting Katholieke Universiteit are also involved in the case.
According to the daily newspaper report, VW complained that the publication of the paper could “allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car.”
Said scientists wanted to publish their paper titled “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser” at the Usenix Security Symposium in Washington D.C. this August, but the high court has imposed an interim injunction. VW had asked the authors to publish a redacted version of their paper without the codes, but they declined.
In their defense, Garcia and his colleagues Baris Ege and Roel Verdult said their work is academic and their aim was to improve security for everyone, not to help criminals hacking into luxury cars. The scientist added that “the public have a right to see weaknesses in security on which they rely exposed”. If they are not informed, the “industry and criminals know security is weak but the public do not.”
The report said the scientists claim they analyzed security on a number of different devices and objects, from Oyster cards to cars, to help manufacturers find weaknesses and improve on them.
By Dan Mihalascu
PHOTO GALLERY