CAR OWNERS AT INCREASING RISK OF ELECTRONIC HACKING
Research suppressed for two years by an injunction has found that thousands of car models are at risk from electronic hacking.
The research was originally blocked from publication by VW, but involves a piece of technology also used by a range of manufacturers including Honda, Volvo, Fiat and Audi as well as high-end brands such as Porsche and Maserati.
The models use the Megamos Crypto system, which should stop a car engine from starting without a keyfob present which contains the correct radio frequency identification chip.
In what experts have termed “a serious flaw”, researchers found that they could intercept the signals sent between the chip and the car using a commercially available computer programme to identify the secret codes used.
Birmingham University and Radbound University in Njimegen were able to publish their paper, ‘Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser’ with only one redacted sentence last weekend after disputing the injunction.
The paper concludes that the “cryptographic mechanisms were not strengthened to compensate” for the removal of the vehicle’s mechanical key. It recommends changing the chip system to one which includes a random number generator, which would make it more difficult to intercept transmissions and break codes.
The research team began their investigations after police reported being puzzled by the rising numbers of “keyless car theft”, originally identifying the flaw in 2012. Approximately 6,000 keyless vehicles thefts occurred in London in the last year alone.
The research was published on the grounds that the ban blocked essential information from public knowledge.