The recent trend of car hacking research has created quite a culture clash between hackers and large automakers.
Sourced through Scoop.it from: mashable.com
Volkswagen, which owns Porsche, Audi, Lamborghini, Bentley and others, tried to suppress the release of a paper which detailed the security vulnerabilities in many cars, reports Bloomberg. The paper is being presented at the USENIX Security Symposium in Washington DC this weekend. For its part, Volkswagen doesn’t think consumers should be worried. – The paper was published this week with just one sentence redacted. In the paper, white-hat hackers Roel Verdult and Baris Eg, from Radboud University, and Flavio Garcia from the University of Birmingham, detail a flaw with the Megamos Crypto transponder. The Crypto is a radio-frequency identification (RFID) transponder placed in car keys and key fobs which prevents an engine from starting without the transponder within range. The hackers were able to exploit vulnerabilities in the Crypto that allowed them to unlock and start a variety of cars within half an hour. By decoding two transmissions between the key and transponder, the team gained access to the transponder’s 96-bit secret key. With the secret key, the team then ran through all 196,607 possible key options until they found the one that allowed them to start the car. The hackers research — conducted in 2012 — notes that a variety of cars, including many from Volkswagen, used the Megamos Crypto and are thus vulnerable, though they aren’t specific about which model years are affected.