VW spent two years trying to cover a security flaw
VW spent two years trying to cover a security flaw
Volkswagen, the world’s largest automaker, has left thousands of consumers at risk for car-hacking over the past two years and has tried to cover it up.
“Keyless” car theft is on the rise. It is especially a problem in Europe accounting for 42 percent of stolen vehicles in London. In 2012, researchers discovered that the RFID or Radio-Frequency Identification transponder chip used in immobilizers were weak and could easily be hacked into. The automakers sued the researchers to prevent them from exposing the findings, and still did nothing to fix the problem.
The findings were finally published, by Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham, U.K. The paper revealed the details on how the Megamos Crypto transponder, one of the most common immobilizer transponders, can be targeted by hackers to steal vehicles. The Megamos is used in Volkswagen-owned luxury brands such as Audi, Porsche, Bentley, Lamborghini, Fiats, Hondas, Volvo’s and some Maserati vehicles.
Immobilizer transponders are what stop the engine from running unless the correct key fob with the RFID chip is near the vehicle. Although they prevent things like hot-wiring, they make hacking just as easy. The weaknesses highlighted in the paper are not something that can be easily fixed overnight. Fixing them will also come with great expense to the automakers as well.
Originally, the researchers took their findings to manufacturer of the chip in February 2012 giving them nine months to fix the flaw. Then they took the findings to Volkswagen in May 2013. Instead of remedying the issue, Volkswagen responded by filing a lawsuit to prevent the publication of the paper, with the argument that vehicles would be placed at risk of theft. After a long process of negotiations the paper is available with only one sentence redacted – the sentence which explains the description of a component of the calculations on the chip. You can read the redacted paper here.
Although car theft doesn’t put anyone’s life in danger, it does beg the question of what other technology Volkwagen has that could be easily hacked. Things like shutting the vehicle on or off, brakes, or acceleration could all cause serious accidents and injuries. Let’s hope automakers won’t continue to cover up a flaw that could cost them severely, and then say they are covering it up for safety.