CloseThis is all over the tech news right now. Not sure how many newer Porsche models are affected though.
More details over the next couple of weeks...I guess.
Not sure how VW is going to fix that.
RC (Germany) - Rennteam Editor Porsche 991 Turbo S (Sept. 2013), Cayenne GTS (958), BMW X3 35d (2013)
Jul 29, 2013 1:40:07 PM
Lars997:
had to happen one day and the VW is one of the most used onese so certainly they want to try crack this one.
Anyway..... the best system is still a hidden button blocking the ignition!
I had a hidden toggle switch on my Mustang that would turn off the electri fuel pump. Because the car was carbureted, you could start it and go about 200 metres with the gas in the carb before it would die. That way, the thief would probably be out in traffic and would end up leaving it there. I think it cost about $2.00 for the switch. 
A High Court judge has blocked three security researchers from publishing details of how to crack a car immobilisation system.
German car maker Volkswagen and French defence group Thales obtained the interim ruling after arguing that the information could be used by criminals.
The technology is used by several car manufacturers.
The academics had planned to present the information at a conference in August.
The three researchers are Flavio Garcia, a computer science lecturer at the University of Birmingham, and Baris Ege and Roel Verdult, security researchers at Radboud University Nijmegen in the Netherlands.
"The University of Birmingham is disappointed with the judgement which did not uphold the defence of academic freedom and public interest, but respects the decision," said a spokeswoman.
"It has decided to defer publication of the academic paper in any form while additional technical and legal advice is obtained given the continuing litigation. The university is therefore unable to comment further at this stage."
Radboud University Nijmegen said it found the ban "incomprehensible".
"The publication in no way describes how to easily steal a car, as additional and different information is needed for this to be possible," said a spokeswoman.
"The researchers informed the chipmaker nine months before the intended publication - November 2012 - so that measures could be taken. The Dutch government considers six months to be a reasonable notification period for responsible disclosure. The researchers have insisted from the start that the chipmaker inform its own clients."
Neither VW nor Thales was able to provide comment.
The ruling was issued on 25 June, but the case only gained public attention following an article in the Guardian.
Two-day hackThe presentation - entitled Dismantling Megamos Crypto: Wirelessly Lock-picking a Vehicle Immobiliser - is still listed on the website of the Usenix Security Symposium, which will be held in Washington next month.
Megamos Crypto refers to a transponder built into car keys which uses RFID (radio-frequency identification) to transmit an encrypted signal to the vehicles. This deactivates a system which otherwise prevents their engines from starting.
VW introduced the technology in the late 1990s and it is also used by Honda and Fiat among others.
The researchers said they had obtained a software programme from the internet which contained the algorithm devised by Thales to provide the security feature. They said it had been on the net since 2009.
VW has used the security tech in its Audi cars among other brandsThe researchers said they had then discovered a weakness in the code meaning that it could be compromised, and added that there was a strong public interest that the information be disclosed to ensure the problem was addressed.
However, VW and Thales argued that the algorithm was confidential information, and whoever had released it on the net had probably done so illegally. Furthermore, they said, there was good reason to believe that criminal gangs would try to take advantage of the revelation to steal vehicles.
The researchers argued that this risk was overblown since car thieves would need to run a computer program for about two days to make use of the exploit in each case.
They said that removing the sections which VW and Thales wanted expunged would mean their paper would have to be peer reviewed a second time, and they would miss their slot at the conference as a consequence. And they argued that their right to publish was covered by freedom of speech safeguards in the European Convention on Human Rights.
However, the judge ruled that, pending a full trial, the details should be withheld.
Tom Ohta, an associate at the law firm Bristows - which was not involved in the case - said the way the researchers discovered the flaw proved their undoing.
"An important factor here was that the academics had not obtained the software from a legitimate source, having downloaded it from an unauthorised website," he said.
"This persuaded the court that the underlying algorithm was confidential in nature, and bearing in mind the public interest of not having security flaws potentially abused by criminal gangs, led to the injunction."
--
Porsche 997 Carrera S PDK Aqua Blue / Black - Skoda Octavia Mk.3 daily drive
Jul 29, 2013 2:26:33 PM
JoeRockhead:
Lars997:
had to happen one day and the VW is one of the most used onese so certainly they want to try crack this one.
Anyway..... the best system is still a hidden button blocking the ignition!
I had a hidden toggle switch on my Mustang that would turn off the electri fuel pump. Because the car was carbureted, you could start it and go about 200 metres with the gas in the carb before it would die. That way, the thief would probably be out in traffic and would end up leaving it there. I think it cost about $2.00 for the switch.
That's what I meant. I always had them old days in my cars but in my new cars I even didnt think about. Maybe I should again 
About Rennteam | Help | Terms of use | Privacy Policy | Support | Contact | Imprint | Archive
Powered by
Community
and
