A car-hacking study conducted by researchers has been blocked by England's High Court. The paper would detail ways to hack a computer chip used to encrypt ignition keys in cars manufactured by Volkswagen, including Porsches, Lamborghinis and Bentleys.
England’s High Court issued a temporary injunction delaying the publication of a study conducted by researchers from the University of Birmingham, the Associated Press reports. The car-hacking study, led by Flavio Garcia, revealed three ways to get around Volkswagen’s computer chip used to encrypt ignition keys. The encryption system prevents any unauthorized individuals, or would-be thieves, from starting the car using a different key than the one assigned to the car, AP notes. The encrypted keys are used in luxury cars such as Porsches, Lamborghinis, Bentleys and other Volkswagen-manufactured cars such as Audi.
The Guardian reports Garcia and other researchers from Radboud University, in the Netherlands, discovered the algorithm used in Megamos computer chips and were going to present the information at the Usenix Security Symposium, held in Washington, D.C. A spokeswoman for the University of Birmingham issued a statement, saying, “The University of Birmingham is disappointed with the judgment, which did not uphold the defense of academic freedom and public interest, but respects the decision.”
As AP reports, for the last 15 years, the UK has required the encryption system, called immobilizers, to be installed in each new car sold. The paper was going to reveal how the researchers bypassed the encryption system and the different ways to hack the computer chip. Volkswagen felt the information could be a security threat and, in essence, create a blueprint for hackers to use for the creation of decrypted keys.
The university states the results of the research were presented to the manufacturer of the computer chip used by Volkswagen more than six months ago and the car manufacturer’s concern about thieves hacking into cars based on the research was exaggerated.
According to the university’s statement, “The paper reveals inherent weaknesses, on the basis of mathematical calculations, and is based on an analysis of publicly available information,” the Guardian reports. The university also notes the need for further information unavailable to the public for any proposed theft to occur. The paper was set to be published in August, but the university has agreed to delay publication.
The research paper and the car-hacking study is considered “white hat” hacking, which primarily focuses on computer security. The results of white-hat hacking are usually presented to companies and the research can be funded by the same companies. The research is usually given to companies prior to any publication of the data and is meant to discover potential flaws or security weakness and provide ways to bolster a company’s system. Some recent examples of white-hat hacking include Darpa-funded testing of car hacking using a laptop and the SIM card hacking by Security Research Labs, which discovered 750 million cell phones may be vulnerable to remote hacking.
The University of Birmingham and Volkswagen are still seeking legal counsel on the matter and have not issued further comments.