Monday, 29 July 2013

Volkswagen wins high court block on luxury car hack codes


Volkswagen has won a high court ruling blocking a university security lecturer from releasing research revealing the start codes for multiple manufacturers' cars.
Volkswagen won the case against University of Birmingham lecturer Flavio Garcia after he sought to publish a white paper revealing the codes used to start smart cars. The paper reportedly contains start codes for numerous big brands including Porsche, Audi, Bentley and Lamborghini.
"The University of Birmingham is disappointed with the judgment which did not uphold the defence of academic freedom and public interest, but respects the decision," the university said.
"It has decided to defer publication of the academic paper in any form while additional technical and legal advice is obtained given the continuing litigation."
Volkswagen merely confirmed the ruling: "We can simply confirm that the UK High Court has issued an interim injunction in Volkswagen AG’s favour, against publication."
The news is highly relevant as it follows a pledge by renowned security expert Charlie Miller to release hack tools that will let researchers hijack control of moving cars. Miller confirmed plans to reveal and release the tools at the DefCon security conference in August.
The ethical hacker said the DefCon session will be co-hosted by Chris Valasek, director of security intelligence at IOActive, and will see them demonstrate the two-stage hack on two unnamed "modern" cars.
"Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher's point of view," read the session description.
"We will first cover the requisite tools and software needed to analyse a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II [sic] connection to perform critical car functionality, such as braking and steering. Finally, we'll discuss aspects of reading and modifying the firmware of ECUs installed in today's modern automobile."
Miller said the exploit will work on numerous car models, and joked on Twitter that he accidentally crashed his own car while testing it.
Charlie Miller initially rose to fame in the white hat hacking community when he publicised a remote zero-day exploit for the iPhone. Apple infamously responded by blacklisting him from its developer community. He has since taken a role at Twitter as a security researcher.
