When walking home from work you notice that your neighbours front window is open. You realise that someone could pop in, grab their stuff and leave without anyone noticing so you go knock on their door and tell them. What happens next surprises you though, as your neighbour shouts at you and tells you to never speak of it again as they slam the door in your face. This is not the reaction you expect when you point out a problem with something and yet it seems to be the thing that happened back in 2012 with several major car companies.
Radbound University in the Netherlands discovered a security flaw in the security chip that’s used by companies such as Volkswagen, Audi, Fiat, Honda and Volvo. In typical fashion, they approached the companies and informed them about the issue only to find that they were being sued to suppress the paper.
The problem they discovered was in the immobilizer system commonly used by cars, in which a system detects the presence of a radio frequency chip close to the car or the ignition switch. If the chips detected, it lets the car start, otherwise it would disable the car. This specific breach though appears to be in the Megamos Transponder that helps transmit the information.
The key initially uses a 96bit secret key, but by eavesdropping on the communication they were able to reduce the possible options so that after a few tries they could breach the system. With it ranging from a few minutes to just under 30 minutes they could breach the system and start the cars easily.
So you find a problem and you inform them about the issue only to find it thrown in your face? How would you react?
Thank you Ars Technica for the information.
Image courtesy of Wired.