College Students and Scientists Expose Car Security Flaws

used-carsSuppressed by a major manufacturer for two years, an academic paper exposed a major security flaw that more than 100 car models have. A computer scientist at the University of Birmingham, Flavio Garcia, along with two colleagues from a Dutch University, did not get to release the paper, due to a ban from the high court-Volkswagen won the case to ban the publication.

You thought that most car thefts can be prevented by a car key replacement and Transponder re-programming service? Think again. It was discovered that vehicle manufacturers (such as You thought that most car thefts can be prevented by a transponder re-programming or a car key replacement service? Think again. It was discovered that vehicle manufacturers (such as Volkswagen, Citroën, Audi, Fiat, Volvo and Honda) had models that can be stolen easily, since it doesn't require much effort to deactivate the theft preventing device.

The paper finally got its release, after years of negotiations-Volkswagen agreed to the paper’s publication, because the author agreed to remove one simple sentence from the manuscript.

Faults in the Swiss-made Immobilizer System

Some students from the Radboud University in Nijmegen (BariÅŸEge and RoelVerdult), along with Garcia, discovered several weaknesses in the Megamos Crypto, a Swiss-made immobilizer system. This device prevents the engine from starting, when the transponder that’s embedded in the key is not available.

The researchers, however, revealed that it was possible to tap in on signals sent between the key and the security system, which makes the vehicles susceptible to close-range wireless communication attacks.

The team also commented that their attacks required close range wireless communication with both the transponder and the immobilizer unit. They went on to say that it’s not hard to imagine real-life situations like car rental or valet parking, where someone had access to both for some time. It’s also quite possible to foresee a setup with two criminals, one wirelessly "pickpocketing" the victim’s car key and the other interacting with the car.

The computer intellects desperately wanted to publish their findings in 2013 at the Usenix Security Symposium in Washington DC, but the court executed an interim injunction. Volkswagen argued that the publication of these findings could give a hint to someone, especially an expert criminal gang with the right tools, the know-how to breach security and steal a vehicle.

Garcia and the team argued that they were responsible academics, doing legitimate academic work and their intention was to improve overall security for everyone, including manufacturers.

The RAC reported that the number of car theft cases decreased by 70% during the last 40 years, due to the use of electronic security systems; however, electronic vehicular hacking cases are becoming more popular nowadays.

The vulnerability of vehicles was recently exposed in a new research, by researchers from the University of California. They remotely hacked a car, disabled its brakes and activated its windscreen wipers, by means of a simple text message.

Fiat Chrysler announced in July that it was recalling 1.4 million vehicles, after cyber criminals hacked a jeep over the internet .This is certainly some interesting food for thought that other car manufacturers should not overlook.

If you have any questions, please ask below!