Silenced for two years by Volkswagen, car hackers reveal their paper into security hole

Two years ago, a trio of researchers were preparing to present the findings of their investigation into the security of car immobilisers used by luxury cars.

The way these devices are supposed to work is like this:

You sit in your car, and push the “Start” button. The engine should remain immobilised, and refuse to start, unless a cryptographic algorithm on the key’s RFID transponder correctly verifies the identity of the key being used to start the motor.

If you don’t have the right key on you, the car should refuse to start. The car thief, hopefully, walks away in frustration.

The researchers, a lecturer in Computer Science at the University of Birmingham in the UK, and two colleagues from the Radboud University in the Netherlands, found a problem with the Megamos Crypto system used on some cars, and believed that the public had a right to know about the security weakeness.

The research paper planned for presentation at the USENIX Security Symposium in August 2013, would describe both the algorithm and the weakness within it.

However, their hopes of making the flaws public were dashed by the UK’s High Court of Justice, who ordered that the talk should not be presented and that key parts of their research must not be published.

The court’s concern was that the research by Flavio Garcia, Baris Ege and Roel Verdult would mean “that car crime would be facilitated”, as criminals could exploit the security weakness to steal expensive cars such as Audis, Bentleys, Porsches, and Lamborghinis.

And who had asked the court to silence the researchers? Car manufacturing giant Volkswagen and French defence group Thales.

Now, in August 2015, the researchers’ paper is finally being presented at the USENIX security conference in Washington DC, two years later than originally planned, detailing how the Megamos Crypto system – an RFID transponder that uses a Thales-developed algorithm to verify the identity of the ignition key being used to start their motors – can be subverted.

In other words, the researchers explain how they managed to wirelessly lockpick car immobilisers – a technique which could also be used by sophisticated car thieves, stealing expensive cars to order.

The research paper itself is already available for download.

As Bloomberg reports, the problem is not necessarily limited to high-end vehicles such as Volkswagen-owned luxury brands as Audis, Bentleys and Porsches, but also Fiats, Hondas, and Volvos.

In the chart below, taken from the researchers’ paper, vehicles are shown that have used Megamos Crypto, with those specifically experimented with shown in bold.

 

In their paper, entitled “Dismantling Megamos Crypto: Wirelessly Lock-picking a Vehicle Immobiliser”, the researchers claim that they found a software program on the internet containing the Megamos Crypto algorithm, and were able to find a weakness enabling it to be compromised.

Disturbingly, the researchers claimed that the program had been available on the internet since 2009, giving plenty of opportunity for the criminally-minded to make similar discoveries.

The researchers had told Swiss firm EM Microelectronic, the manufacturers of the microprocessor included in the immobiliser used by Volkswagen, about the security hole in 2012, and then to Volkswagen directly in May 2013.

According to researcher Roel Verdult speaking to Bloomberg, the paper’s final release into the public domain comes with one sentence redacted:

“This single sentence contains an explicit description of a component of the calculations on the chip,” Verdult said, adding that by removing the sentence it was much more difficult to recreate the attack.

As such, maybe the paper in its current form is not quite a blueprint for sophisticated criminals to steal luxury cars with ease, but there remains a clear problem for the car manufacturers who have sold millions of vehicles with potentially vulnerable systems.