Security researchers have found that many vehicles produced by the Volkswagen group – including some of the world’s biggest luxury brands like Audi and Porsche – have a security flaw that could let hackers access them without a key.

Researchers from the Netherlands and the UK will this week present a paper detailing the flaw in transponders used by Volkswagen (VW) in its Audi, Porsche, Bentley and Lamborghini lines, Bloomberg reported on Friday.

Cars produced by Fiat, Honda, Volvo and Maserati may also be affected.

But rather than publicize and fix the problems, VW took out a court injunction against the researchers in the UK after they showed the company their findings in 2013, preventing publication.

How it works

The loophole, found by Roel Verdult and Baris Ege of Radboud University and Flavio Garcia of the University of Birmingham, targets Megamos Crypto immobilizer transponders, one of the most common brands.

Immobilizers stop the car’s engine from starting unless the correct key fob is close to the car’s sensors, and are used in modern cars with a “start engine” button rather than a turn-key ignition.

“We have reverse-engineered all cryptographic mechanisms of Megamos Crypto… furthermore, we have identified several weaknesses in Megamos Crypto which we exploit in three attacks,” the scientists wrote.

In one of the attacks they developed, the researchers used “brute force” – simply writing a computer program to try every possible combination of cryptographic keys – to break into cars in less than half an hour.

Not yet a widespread method

“This isn’t a very realistic way of stealing cars” at the moment, security expert Dr David Oswald told The Local.

“For every one of these attacks, you have to speak with both the car and the key at least once. You need to get close.”

In most electronically-assisted thefts carried out today, Oswald said, thieves gain physical access to the car before connecting a computer or other device through the vehicle’s On-Board Diagnostics (OBD) port, which provides access to the car’s computer.

However, Oswald warned that “in the long term, it would definitely make sense to change the transponder. One should always make all components secure.”

While private car owners might not be at risk from the technique immediately, Oswald pointed out, there are cases where it would be easier for thieves to access both car and key fob wirelessly – for example, if a criminal rented a car he planned to steal later.

“There are technical solutions that are relatively secure that are available immediately,” Oswald said, although they would require physically changing components on every vehicle currently fitted with the Megamos transponder.

For now, while consumers could avoid buying cars fitted with the affected security system, “many other similar systems are not particularly secure either,” Oswald warned.

VW says risk is low

In an emailed statement on Friday, a VW spokesman told The Local that “the thresholds for protection against theft are always being lifted… the ignition lock on some older models of vehicle doesn’t match that on our current vehicle modules. That’s unavoidable.”

But he added that “even on older models from our product range like the ones the authors’ work addressed, the attacker would need at least one key and notes on at least two successful ignitions.”

Similar cases across many different fields of IT security have seen researchers heavily criticize companies for gagging their colleagues rather than fixing loopholes, as happened in this case with the UK injunction.

“The court proceedings with the universities and the authors before the High Court in London about publication of the article were ended with an amicable compromise,” the VW statement read.

“The authors are permitted to publish a part of their scientific work.”

The paper has now been published with one sentence redacted, which the researchers say contained a detailed description of calculations performed by the Megamos chip.

“Volkswagen always builds the most modern, technically up-to-date security technology into its vehicles,” the statement continued.

But VW added that while it offers software updates where necessary, it is “usually not possible” to update hardware components.

This article was updated on 14/08/2015 with the emailed statement from Volkswagen.
