High Court Bans Car Hacking Research

A British researcher who claimed to have cracked the cryptographic algorithm used to verify the identity of car keys has been told he cannot publish his findings.

A High Court decided the research of Flavio Garcia, of the University of Birmingham, could lead to car theft. He had cracked the algorithm of Megamos Crypto, used by various luxury cars, including Porsches, Audis and Bentleys.

Car hacking

Volkswagen’s parent company launched a case against Garcia and two other cryptography experts from the Stichting Katholieke Universiteit in The Netherlands. The car company claimed the research could “allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car”, according to the Guardian.

It wants the paper, Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser, to appear in a redacted form, but the researchers declined the offer.

Garcia and his fellow researchers said what they were doing was responsible, arguing “the public have a right to see weaknesses in security on which they rely exposed”.

The decision was made three weeks ago, but was only revealed late last week. Car hacking is becoming a hot topic, now it is a genuine cause for concern.

Noted hackers Charlie Miller and Chris Valasek will present their own research on car hacking at the Defcon conference taking place next week.

In a piece for Forbes magazine, they showed how they could get the car to do various things, including sudden steering wheel movements and killing the breaks, without the drivers’ permission.  They did it by creating software to override the car’s electronic control units (ECU).

Their efforts have been funded by the Pentagon’s research facility DARPA.

Think you know everything about Android? Try our quiz!