Flavio Garcia of the University of Birmingham is a computer scientist who recently co-authored a paper that exposed the inherent weakness of the keyless entry systems used by VW’s luxury brands (and other makes). That paper was to be presented at a conference but was banned by a British court, at VW’s request.
The paper highlighted security flaws in Megamos Crypto, the security system used by Bentley, Porsche, Audi and others, and also the only automotive security system that sounds like something you’d learn how to use at Hogwarts. “Megamos Crypto!” you’d yell while waving your wand, and, boom, your car’s locked.
The paper mathematically explored the software behind the code, which has been available on the internet since 2009. The authors also studied the fundamental algorithms by methods that the Guardian seems oddly unsure about:
The scientists said it had probably used a technique called "chip slicing" which involves analysing a chip under a microscope and taking it to pieces and inferring the algorithm from the arrangement of the microscopic transistors on the chip itself – a process that costs around £50,000.
I’m not sure about that “probably” but either way, the paper did manage to highlight many of the security holes and weaknesses of the system. Volkswagen’s request to block the paper’s presentation was based on the fear that the information could
“… allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car”
While the Dutch-and-British authors of the paper counter that
“… the public have a right to see weaknesses in security on which they rely exposed … industry and criminals know security is weak but the public do not”.
While it’s possible publishing the paper could expose more people to the security weaknesses, the responsibility to keep the cars secure is pretty firmly in Volkswagen’s camp — security via obscurity is not nearly enough to rely on for high-end cars like these. It’s the work of researchers like this team that keeps car security systems ahead of the people trying to compromise them.
And that’s not even bringing up the issues with censoring scientific papers because some company doesn’t like the results, which is, of course, profoundly creepy.