Saturday, May 10, 2014

Security of expensive cars, apparently not so good... the Magamos Crypto algorithm is 20+ years old technology

That algorithm allows the car to verify the identity of the ignition key.

Flavio Garcia and the Dutch researchers Baris Ege and Roel Verdult from the Raboud University discovered the unique algorithm could lead to the theft of not just the luxury cars including Porsches and Bentleys but also of lower-end people-carriers and other makes, including Audis which use its Megamos Crypto algorithm and had planned to publish their paper at the Usenix Security Symposium in Washington DC in August, but Volkswagen won a temporary injunction banning this.

Volkswagen complained to the judge that the publication could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car".

"The chip dates back to the mid-nineties and has since become outdated, but is nevertheless still widely used in the automotive industry," they said in a statement issued by their university. "The paper reveals inherent weaknesses, on the basis of mathematical calculations, and is based on an analysis of publicly available information. The publication in no way describes how to easily steal a car, as additional and different information is needed for this to be possible," they said.

"The University of Birmingham is disappointed with the judgment which did not uphold the defence of academic freedom and public interest, but respects the decision. It has decided to defer publication of the academic paper in any form while additional technical and legal advice is obtained given the continuing litigation," a spokeswoman said.

"The interesting thing is whether this discovery renders the cars no longer fit for purpose / satisfactory quality under the Sale of Goods Act, enabling owners to return for a full refund."

Found on via the Manchester Guardian

No comments:

Post a Comment