So what's the cause? Volkswagen seems to think that a lawyer can stop the Internet. The researchers point out that (a) their paper did not include the information that Bad Guys would need to do a hack, and (b) the information can be found on the Internet anyway, if you look. So what does this all mean? The auto manufacturers seem to be in the same level of awareness as the KTVU TV station that is trying (and trying, and trying) to get their video taken down from Youtube.A High Court judge has blocked three security researchers from publishing details of how to crack a car immobilisation system.German car maker Volkswagen and French defence group Thales obtained the interim ruling after arguing that the information could be used by criminals.The technology is used by several car manufacturers.The academics had planned to present the information at a conference in August.
There's actually a bigger deal here, involving hardware that would justify a recall. Volkswagen used a chip in their computer system that allows the security bypass. There's very likely finger pointing going on between the chip manufacturer and Volkswagen, leading to no action being taken to fix the issue. The researchers point this out:
He did it! No he did! Uh huh! Nuh uh!"The researchers informed the chipmaker nine months before the intended publication - November 2012 - so that measures could be taken. The Dutch government considers six months to be a reasonable notification period for responsible disclosure. The researchers have insisted from the start that the chipmaker inform its own clients."Neither VW nor Thales was able to provide comment.
[rolls eyes]
Meanwhile, Volkswagen owners are at risk of having their cars stolen. That's the reason not to get a car with this sort of computerized nonsense.
Which is why I want my next car to be an old rusty jeep.
ReplyDeleteGood luck finding a car that doesn't have too much electronics. I've already decided to not buy another Subaru, partly because of that stupid RFID key. All that means to me is it costs me a hundred bucks at the dealership to have a duplicate key made, instead of five bucks at the hardware store.
ReplyDeleteI'm sure my insurance company loves it, but until they start helping make my car payments -I- choose the features in my car.
I've often wondered how much it would take to retrofit a modern car with a non-smart key. (Too lazy to check. It's probably not that expensive or difficult.)
ReplyDeleteHeh. I love how they try to backpedal and claim "oh, but we didn't tell anyone HOW to do it, and they could find that out online anyway." First, admitting that yes, it can be done means that now even MORE hackers will be working on this until its cracked, which, secondly, they don't need to bother doing since the auto idiots verified that it already exists, they just need to Google it.
ReplyDeleteI need me a classic car with no computer, maybe an FM radio/tape-deck.
Yet another reason to love my M35A2 and mid-80's Honda motorcycle. One is EMP-proof (the only electronics on the truck is the turn signal module), and the other gets 45MPG. Neither one has a computer with an external data port (the bike does have a CDI box). Parts are getting hard to find for both, but I'll drive them till they don't run anymore.
ReplyDeleteSigh...I'm going to have to pay the dealer $$$ to replace my lost Hyundai key, aren't I?
ReplyDeleteIf I'm reading the new car sales ads correctly, moderately crappy new cars start at about 15 grand.
ReplyDeleteFor that kind of money, I bet it's feasible to get quite a nice old car.