Numerous automakers and their cars could have been at risk of theft because of a keyless entry system vulnerability, say researchers in the United Kingdom and the Netherlands.
And the academics have said they found out about the vulnerability more than two years ago but the manufacturers – particularly Germany’s powerful Volkswagen Group – acted to block their research from being published. Back in 2013 VW AG asked the High Court in the UK to stop the researchers from showing their findings and now, after long debates between the two parties, an edited transcript will finally be revealed. According to one of the authors, a sentence that had an explicit description of a component of the calculations involved will be deleted in order to make things much more difficult for malevolent hackers to perform the attack. The vulnerability the university researchers found back in 2012 is related to the Radio-Frequency Identification (RFID) transponder chip used in immobilizers. The researchers first showed the findings to the manufacturer of the chip back in 2012 and then to VW in 2013.
The research findings, presented by Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham in the UK, will be released at the USENIX security conference in Washington, D.C. “This is a serious flaw and it’s not very easy to quickly correct,” comments Tim Watson, Director of Cyber Security at the University of Warwick. “It isn’t a theoretical weakness, it’s an actual one.” The fix is also not easy or quick: the RFID chips in the keys and transponders inside the vehicles will need to be replaced, which will incur massive costs.
Via Automotive News Europe