cross pond high tech
Find tag "Car"
32.2K views | +69 today
cross pond high tech
light views on high tech in both Europe and US
Your new post is loading...
Your new post is loading...
Rescooped by Philippe J DEWOST from Marketing, Innovation, Security, IoT!

Silenced For 2 Years By Volkswagen, Car Hackers Reveal Their Paper On Security Hole

Silenced For 2 Years By Volkswagen, Car Hackers Reveal Their Paper On Security Hole | cross pond high tech |

Two years ago, a trio of researchers were preparing to present the findings of their investigation into the security of car immobilisers used by luxury cars.

The way these devices are supposed to work is like this:

You sit in your car, and push the “Start” button. The engine should remain immobilised, and refuse to start, unless a cryptographic algorithm on the key’s RFID transponder correctly verifies the identity of the key being used to start the motor.

If you don’t have the right key on you, the car should refuse to start. The car thief, hopefully, walks away in frustration.


The researchers, a lecturer in Computer Science at the University of Birmingham in the UK, and two colleagues from the Radboud University in the Netherlands, found a problem with the Megamos Crypto system used on some cars, and believed that the public had a right to know about the security weakeness.

The research paper planned for presentation at the USENIX Security Symposium in August 2013, would describe both the algorithm and the weakness within it.


However, their hopes of making the flaws public were dashed by the UK’s High Court of Justice, who ordered that the talk should not be presented and that key parts of their research must not be published.

The court’s concern was that the research by Flavio Garcia, Baris Ege and Roel Verdult would mean “that car crime would be facilitated”, as criminals could exploit the security weakness to steal expensive cars such as Audis, Bentleys, Porsches, and Lamborghinis.


And who had asked the court to silence the researchers? Car manufacturing giant Volkswagen and French defence group Thales.


Now, in August 2015, the researchers’ paper is finally being presented at the USENIX security conference in Washington DC, two years later than originally planned, detailing how the Megamos Crypto system – an RFID transponder that uses a Thales-developed algorithm to verify the identity of the ignition key being used to start their motors – can be subverted.

Via Frederic GOUTH, Thierry Evangelista
Philippe J DEWOST's insight:

Chrysler is not alone when it comes to hack cars. Best answer to date to this mounting issue is probably Tesla's approach combining zero-day acquisition strategy with OTA regular patch deployments.

Emmanuel HAVET's curator insight, September 1, 6:00 AM

As P.J Dewost said : OTA, OTA, OTA. Car manufacturers should have for years and not depend on OEM providers for this.

Scooped by Philippe J DEWOST!

Audi and Google Team up on Android Powered dashboards

Audi and Google Team up on Android Powered dashboards | cross pond high tech |
Google has just forged a partnership with German automaker Audi to bring an Android-powered entertainment and information system to Audi vehicle dashboards in the near future. It's a clear shot against Apple, which announced an 'iOS in the Car' program last year, with the collaboration of Mercedes, BMW and Honda — as well as GM in the United States. Here's the Wall Street Journal's take on the deal, which was their scoop: "With 80 million new cars and light trucks sold each year, automobiles represent a significant new opportunity for Internet-based software and services. 'The car is becoming the ultimate mobile device,' said Thilo Koslowski, an analyst at the research firm Gartner. 'Apple and Google see that and are trying to line up allies to bring their technology into the vehicle.'"
Philippe J DEWOST's insight:

Time to remember that mobile started as a car phone, and that Microsoft announced 'Auto PC' a few years ago...

Emmanuel HAVET's curator insight, December 31, 2013 4:15 AM

Il y a quelques mois, les constructeurs ne voulaient surtout pas dire si Android était embarqué. C'est le cas depuis longtemps. Une excellente chose que cela soit enfin clair...