Flavio Garcia, a security researcher from the University of Birmingham has been ordered not to deliver an important paper at the Usenix Security conference by an English court. Garcia, along with colleagues from a Dutch university, had authored a paper showing the security failings of the keyless entry systems used by a variety of luxury cars. Volkswagon asked an English court for an injunction censoring his work -- which demonstrated their incompetence and the risk they'd exposed their customers to -- and Mr Justice Birss agreed.
Garcia and his colleagues from the Stichting Katholieke Universiteit, Baris Ege and Roel Verdult, said they were "responsible, legitimate academics doing responsible, legitimate academic work" and their aim was to improve security for everyone, not to give criminals a helping hand at hacking into high-end cars that can cost their owners £250,000.
They argued that "the public have a right to see weaknesses in security on which they rely exposed". Otherwise, the "industry and criminals know security is weak but the public do not".
It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.
The scientists said it had probably used a technique called "chip slicing" which involves analysing a chip under a microscope and taking it to pieces and inferring the algorithm from the arrangement of the microscopic transistors on the chip itself – a process that costs around £50,000. The judgment was handed down three weeks ago without attracting any publicity, but has now become part of a wider discussion about car manufacturers' responsibilities relating to car security.
Scientist banned from revealing codes used to start luxury cars [Lisa O'Carroll/The Guardian]Next post