From the Guardian yesterday:
A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled.
The high court imposed an injunction on the University of Birmingham's Flavio Garcia, a lecturer in computer science, who has cracked the security system by discovering the unique algorithm that allows the car to verify the identity of the ignition key.
The UK injunction is an interim step in a case launched by Volkswagen's parent, which owns the four luxury marques, against Garcia and two other cryptography experts from a Dutch university.
It complained that the publication could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car". The cars are protected by a system called Megamos Crypto, an algorithm which works out the codes that are sent between the key and the car.
The scientists wanted to publish their paper at the well-respected Usenix Security Symposium in Washington DC in August, but the court has imposed an interim injunction. Volkswagen had asked the scientists to publish a redacted version of their paper -- Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser -- without the codes, but they declined.
Volkswagen told the court that the technology they examined was used in a number of its vehicles and other mass market cars manufactured by itself and others.
Garcia and his colleagues from the Stichting Katholieke Universiteit, Baris Ege and Roel Verdult, said they were "responsible, legitimate academics doing responsible, legitimate academic work" and their aim was to improve security for everyone, not to give criminals a helping hand at hacking into high-end cars that can cost their owners £250,000.
They argued that "the public have a right to see weaknesses in security on which they rely exposed". Otherwise, the "industry and criminals know security is weak but the public do not".
It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.
The scientists said it had probably used a technique called "chip slicing" which involves analysing a chip under a microscope and taking it to pieces and inferring the algorithm from the arrangement of the microscopic transistors on the chip itself -- a process that costs around £50,000. The judgment was handed down three weeks ago without attracting any publicity, but has now become part of a wider discussion about car manufacturers' responsibilities relating to car security.
The scientists said they examined security on everything from Oyster cards to cars to enable manufacturers to identify weaknesses and improve on them.
Finding in Volkswagen's favour, Mr Justice Birss said he recognised the importance of the right for academics to publish, but it would mean "that car crime will be facilitated". A Volkswagen spokesman declined to comment on the interim injunction.
Has anyone any thoughts as to what the cause of action might have been here?
Andrew
--
Andrew Tettenborn
Professor of Commercial Law, Swansea University
School of Law, University of Swansea
Richard Price Building
Singleton Park
SWANSEA SA2 8PP
Phone 01792-602724 / (int) +44-1792-602724
Fax 01792-295855 / (int) +44-1792-295855
Lawyer (n): One versed in circumvention of the law (Ambrose Bierce)
***