Skip to content

Cyber theft and your car

We all know that our cars are becoming more sophisticated and generally that is a good thing. Advanced braking systems stop us much faster than before and stability control keeps us on the straight and narrow. Electronic engine control units tune our engine to maximum performance, while parking sensors prevent our little bumps and scrapes.

We all know that our cars are becoming more sophisticated and generally that is a good thing. Advanced braking systems stop us much faster than before and stability control keeps us on the straight and narrow. Electronic engine control units tune our engine to maximum performance, while parking sensors prevent our little bumps and scrapes. Our sat-nav units even prevent us from getting lost. Another area where things have been advancing rapidly is security. Back in the 70s you could unlock most cars with a bent fork and a coat hanger and alarms were almost unheard of. Nowadays, of course, we have sophisticated electronic locking systems and the days of casual car theft seem long gone.

Now, however, we face a different threat. Instead of joy riders, our cars could be falling prey to a new type of criminal: the computer hacker. We all know that our computers at home are vulnerable to viruses and cyber attacks but now it seems that our cars face similar threats. The problem surrounds the way our electronic keys open our cars. Most of us are familiar now with simply pushing a button on our key fob to open the cars doors but how does the car know that it is the correct key?

As it turns out, the key sends a unique code to the car, which recognises it as genuine and opens accordingly. The problem with all this sophistication is that nothing in the computing world is truly random. The codes have to be worked out according to an algorithm. Much of the car industry uses an algorithm programme called Megamos Crypto and it has now been cracked. British based scientist Flavio Garcia at the University of Birmingham has broken the code and that has caused consternation throughout the car industry.

Now the High Court in England has issued an injunction against Garcia, preventing him from publishing his findings. His paper, entitled 'Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser' was due to be published at an academic conference, the Usenix Security Symposium in Washington DC, in August but the interim decision will prevent that. The academic insists that his work is designed to uncover flaws in the system in order that it might be improved but car giant Volkswagen, who took out the injunction, says that it could lead to a wave of cyber car thefts. More worryingly, it emerged in court that the software behind the code has been available on the Internet since 2009, leading to fears that criminal gangs may already be unpicking the codes that secure your car.
 

Posted by on

Back to July 2013

Back to top