Thieves 'could hack VW, Porsche, Audi cars'
Security researchers have found that many vehicles produced by the Volkswagen group – including some of the world’s biggest luxury brands like Audi and Porsche – have a security flaw that could let hackers access them without a key.
Researchers from the Netherlands and the UK will this week present a paper detailing the flaw in transponders used by Volkswagen (VW) in its Audi, Porsche, Bentley and Lamborghini lines, Bloomberg reported on Friday.
Cars produced by Fiat, Honda, Volvo and Maserati may also be affected.
But rather than publicize and fix the problems, VW took out a court injunction against the researchers in the UK after they showed the company their findings in 2013, preventing publication.
How it works
The loophole, found by Roel Verdult and Baris Ege of Radboud University and Flavio Garcia of the University of Birmingham, targets Megamos Crypto immobilizer transponders, one of the most common brands.
Immobilizers stop the car’s engine from starting unless the correct key fob is close to the car’s sensors and are used in modern cars with a “start engine” button rather than a turn-key ignition.
“We have reverse-engineered all cryptographic mechanisms of Megamos Crypto… furthermore, we have identified several weaknesses in Megamos Crypto which we exploit in three attacks,” the scientists wrote.
In one of the attacks they developed, the researchers used “brute force” – simply writing a computer program to try every possible combination of cryptographic keys – to break into cars in less than half an hour.
Not yet a widespread method
“This isn’t a very realistic way of stealing cars” at the moment, security expert Dr David Oswald told The Local.
“For every one of these attacks, you have to speak with both the car and the key at least once. You need to get close.”
In most electronically-assisted thefts carried out today, Oswald said, thieves gain physical access to the car before connecting a computer or other device through the vehicle’s On-Board Diagnostics (OBD) port, which provides access to the car’s computer.
However, Oswald warned that “in the long term, it would definitely make sense to change the transponder. One should always make all components secure.”
While private car owners might not be at risk from the technique immediately, Oswald pointed out, there are cases where it would be easier for thieves to access both car and key fob wirelessly – for example, if a criminal rented a car he planned to steal later.
“There are technical solutions that are relatively secure that are available immediately,” Oswald said, although they would require physically changing components on every vehicle currently fitted with the Megamos transponder.
For now, while consumers could avoid buying cars fitted with the affected security system, “many other similar systems are not particularly secure either,” Oswald warned.
VW says risk is low
In an emailed statement on Friday, a VW spokesman told The Local that “the thresholds for protection against theft are always being lifted… the ignition lock on some older models of vehicle doesn’t match that on our current vehicle modules. That’s unavoidable.”
But he added that “even on older models from our product range like the ones the authors’ work addressed, the attacker would need at least one key and notes on at least two successful ignitions.”
Similar cases across many different fields of IT security have seen researchers heavily criticize companies for gagging their colleagues rather than fixing loopholes, as happened in this case with the UK injunction.
“The court proceedings with the universities and the authors before the High Court in London about publication of the article was ended with an amicable compromise,” the VW statement read.
“The authors are permitted to publish a part of their scientific work.”
The paper has now been published with one sentence redacted, which the researchers say contained a detailed description of calculations performed by the Megamos chip.
“Volkswagen always builds the most modern, technically up-to-date security technology into its vehicles,” the statement continued.
But VW added that while it offers software updates where necessary, it is “usually not possible” to update hardware components.
This article was updated on 14/08/2015 with the emailed statement from Volkswagen.