Jump to content

VW tried covering up Keyless entry security flaw


Wishcumstrue
 Share

Recommended Posts

http://www.bloomberg.com/news/articles/2015-08-14/vw-has-spent-two-years-trying-to-hide-a-big-security-flaw

 

Thousands of cars from a host of manufacturers have spent years at risk of electronic car-hacking, according to expert research that Volkswagen has spent two years trying to suppress in the courts.

“Keyless” car theft, which sees hackers target vulnerabilities in electronic locks and immobilizers, now accounts for 42 percent of stolen vehicles in London. BMWs and Range Rovers are particularly at-risk, police say, and can be in the hands of a technically minded criminal within 60 seconds.

Security researchers have now discovered a similar vulnerability in keyless vehicles made by several carmakers. The weakness – which affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers – was discovered in 2012, but carmakers sued the researchers to prevent them from publishing their findings.

 

 

Vehicles that used Megamos Crypto for some version/year.

The models in bold are those that the research team experimented with.

 

vw-key-fob.jpg

488x-1.jpg

↡ Advertisement
  • Praise 1
Link to post
Share on other sites

What is your agenda to single out vw in the title when there are tonnes of car maker with the same problem? ...Hehe. [grin]

 

No agenda against any specific model or folks who love VW lah.

 

Reason is I based on Bloomberg's yesterday report which specifically mentioned VW for using legal means to prevent researchers from releasing their finding to the public.

 

The discovery was made 2012 and VW's lawyers, until now, managed to get court order to silence them.

 

You can see their presenaton on youtube and the researchers obj was to force car makers to use more secured system.

  • Praise 1
Link to post
Share on other sites

 

No agenda against any specific model or folks who love VW lah.

 

Reason is I based on Bloomberg's yesterday report which specifically mentioned VW for using legal means to prevent researchers from releasing their finding to the public.

 

The discovery was made 2012 and VW's lawyers, until now, managed to get court order to silence them.

 

You can see their presenaton on youtube and the researchers obj was to force car makers to use more secured system.

 

I read the article, they eventually allowed release of the information with a missing sentence that makes it hard for others to exploit it (leave out a vital clue to the vulnerability).

 

I believe the security group orginally wanted to release the information wholesale to force the manufacturers to change the systems entirely.

 

I can see where VW is coming from.

Link to post
Share on other sites

I think the biggest cover up in our SG market is the takata airbag issue in so many of the affected models. Yet those ADs still keeping quiet, pretend nothing happen, adopting the wait and see approach because it sure is gonna be damn costly for them to do any recall.

 

This airbag thing has already seen death in some nations but of course in SG, when it doesn't happen, people don't bother. Only when something does happen, then you will see some reactions. <_<

  • Praise 3
Link to post
Share on other sites

 

I read the article, they eventually allowed release of the information with a missing sentence that makes it hard for others to exploit it (leave out a vital clue to the vulnerability).

 

I believe the security group orginally wanted to release the information wholesale to force the manufacturers to change the systems entirely.

 

I can see where VW is coming from.

 

This security weakness isn't VW's fault and all they need is to get Megamos Crypto who made the transponder to fix their weak alogithem, which in fact was reversed engineered without breaking any law.

 

Trouble is VW see the researchers as hackers when they can actually help VW, doing it FOC and actually notified VW via email and registered mails informing them of the problem.

 

For over 6 months, VW didn't even bothered to respond. That is why the researchers wanted to share that to the public.

 

 

 

 

 

 

 

Trobu

Link to post
Share on other sites

A month or so ago I hired a VW Polo. nearly new, 3000km on the clock.

 

It had the ignition cut out 'when you stopped'.

 

It was absolutely crap.

 

In future I will never rent a VW.

 

I hope other manufacturers don't have this sort of feature.

 

It comes under the heading of 'it's something we can do so we must do it even though it's not a good idea'.

Link to post
Share on other sites

A month or so ago I hired a VW Polo. nearly new, 3000km on the clock.

 

It had the ignition cut out 'when you stopped'.

 

It was absolutely crap.

 

In future I will never rent a VW.

 

I hope other manufacturers don't have this sort of feature.

 

It comes under the heading of 'it's something we can do so we must do it even though it's not a good idea'.

Isn't it just the stop/start function working? All brands have this now, be it European, Japanese or Korean.

  • Praise 1
Link to post
Share on other sites

Ford has cars made in Germany too like VW and Audi. Some parts used has to be common. Hyundai is popular in Europe, Peugeot too.

Maybe their cars are not high tech at that time?

Toyota the world most favourite is missing in the list too?

Toyota is not in the list too?

Japanese car brands share the most common parts.

  • Praise 1
Link to post
Share on other sites

Isn't it just the stop/start function working? All brands have this now, be it European, Japanese or Korean.

 

Didn't know that as my cars are both 9 years old.

 

But the stop start is imo a useless feature.

 

Can it be turned off on any other models.

On the VW polo I hired it was always on.

  • Praise 1
Link to post
Share on other sites

What is your agenda to single out vw in the title when there are tonnes of car maker with the same problem? ...Hehe. [grin]

 

Give you 5 points.

 

For once, you "defended" VW brand. [laugh][thumbsup]

Link to post
Share on other sites

Isn't it just the stop/start function working? All brands have this now, be it European, Japanese or Korean.

 

My TSI 1.4l was supposed to have this function but I have deliberately chosen not to have this feature.

 

Too many electronic features and I do not like to have too much electronics in my car which unfortunately is inevitable in most cars these days.

  • Praise 1
Link to post
Share on other sites

 

Didn't know that as my cars are both 9 years old.

 

But the stop start is imo a useless feature.

 

Can it be turned off on any other models.

On the VW polo I hired it was always on.

 

Yes I agree it's a useless feature too but i'm sure it can be turned off lah. you probably didn't know how to.

Link to post
Share on other sites

I think the biggest cover up in our SG market is the takata airbag issue in so many of the affected models. Yet those ADs still keeping quiet, pretend nothing happen, adopting the wait and see approach because it sure is gonna be damn costly for them to do any recall.

 

This airbag thing has already seen death in some nations but of course in SG, when it doesn't happen, people don't bother. Only when something does happen, then you will see some reactions. <_<

 

That line reminded me of a scene in Fight Club. Couldn't find the video, but here's the audio. I think something similar could be happening.

 

https://www.youtube.com/watch?v=wIdmkETuWeM

 

↡ Advertisement
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...