The recent trend of car hacking research has created quite a culture clash between hackers and automakers.
Volkswagen, which owns Porsche, Audi, Lamborghini, Bentley and others, tried to suppress the release of a paper which detailed the security vulnerabilities in many cars, reports Bloomberg. The paper is being presented at the USENIX Security Symposium in Washington DC this weekend.
For its part, Volkswagen doesn’t think consumers should be worried.
An injunction from a UK high court was awarded to Volkswagen in 2013 after it sued the hackers. VW claimed that publication of the paper would make it easier for would-be criminals to steal cars made by Volkswagen and a variety of other manufacturers.
The paper was published this week with just one sentence redacted.
In the paper, white-hat hackers Roel Verdult and Baris Ege, from Radboud University, and Flavio Garcia from the University of Birmingham, detail a flaw with the Megamos Crypto transponder. The Crypto is a radio-frequency identification (RFID) transponder placed in car keys and key fobs which prevents an engine from starting without the transponder within range.
The hackers were able to exploit vulnerabilities in the Crypto that allowed them to unlock and start a variety of cars within half an hour. By decoding two transmissions between the key and transponder, the team gained access to the transponder’s 96-bit secret key. With the secret key, the team then ran through all 196,607 possible key options until they found the one that allowed them to start the car.
Their research — conducted in 2012 — notes that a variety of cars, including many from Volkswagen, used the Megamos Crypto and are thus vulnerable, though they aren’t specific about which model years are affected.
The hackers have yet to respond to a Mashable request for comment.
Volkswagen thinks consumers don’t need to be alarmed, though.
“The circumstances presented in the laboratory can be replicated in reality only with considerable, complex effort, and in this relation organised crime will most likely have the greatest interest in implementing this method of circumvention in the form of tools,” said a Volkswagen representative in an email sent to Mashable regarding the hackers’ method of attack.
Furthermore, VW claims its newest vehicles use the modular MQB platform, which includes cars like the Volkswagen Golf and Audi A3, and that it’s not susceptible to this particular vulnerability.
As for the legal battle? A company representative said the proceedings had been settled “amicably.”
Car theft via exploiting security vulnerabilities is unfortunately on the rise, and it’s not a phenomenon exclusive to cars made under Volkswagen’s umbrella. In 2014, 42% of car thefts in London were carried out by hacking keyless entry systems, reports Bloomberg.
As cars become more connected and high-tech, they become vulnerable to these sorts of attacks. Automakers and their parts suppliers need to be more proactive about cybersecurity as it’s always going to be an issue.
There’s quite a culture clash between white-hat hackers and automakers, though. Hackers seem to like to hold automakers accountable for their lapses in security, whereas automakers would like to keep the discussion internal.
That’s the case here, and with the recent, highly publicized hack of Fiat Chrysler vehicles. It’s not just in the automotive industry either, as a recent (and controversial) blog post from an Oracle executive demonstrates.
Volkswagen Group of America, along with 12 other automakers, is lobbying to have car technology protected by the Digital Millennium Copyright Act (DMCA), effectively outlawing the research done by white-hat hackers.