Cats, bags, and Volkswagens
Volkswagen has succeeded in getting a court order banning a researcher at the UK’s University of Birmingham from publishing a paper showing how to hack the access codes of the German carmaker’s range of luxury vehicles, among them Porsche, Audi, Bentley, and Lamborghini. Flavio García has cracked the algorithms that verify the identity of keys used to start the ignition, and that would in theory allow a car thief to send a false signal and start the vehicle.
The High Court ruling further illustrates the pointlessness of trying to prevent access to information: García’s work on Megamos Crypto is available on line. Presenting his research at a conference on security is in fact a way of protecting the owners of the vehicles in question, and forcing the manufacturer to find a solution. Far from protecting Porsche owners, the High Court ban is simply a way of pretending that the problem isn’t there, and by doing so, making things worse.
Meanwhile, at another conference, two US researchers, Charlie Miller and Chris Valasek have presented their own work showing how to hack into the control systems of connected cars such as Toyota’s Prius or a Ford Escape. Not only are these so-called White Hats able to present their findings, they are being given financial aid by US defense agency DARPA, a very different approach to Europe’s, and one that is much more in line with the times we live in.
The conclusion is obvious: as cars increasingly become computers on wheels, we can expect it to become increasingly possible to hack into them and accessing their anti-theft systems, or even meddling with their brakes and steering. For the moment, the US researchers have not been able to access a vehicle by remote control; the idea is to find ways to prevent the bad guys from being able to do so.
Such advances are the logical outcome of technological progress: new weaknesses become apparent, new challenges emerge, and new problems present themselves. Far from panicking, we need to tackle them calmly and maturely: we will always be better protected if these kinds of developments are the work of scientists who must answer to their peers, and who can highlight problems to manufacturers, obliging them to resolve them, or otherwise.
It is vital that the courts understand that in the modern world once the cat is out of the bag, there is no getting it back in. Anybody who has tried to gag a publication knows that the outcome will not only likely be futile, but also send out completely the wrong message to the public. From the moment the internet was born, and obstacles to publishing have gone, the more these kinds of issues are openly discussed, the better: cats should never be in bags in the first place.
