The research paper that Volkswagen tried to block details a method through which an attacker could gain control over the car's engine start feature, without the key being near the car.
The attacker only needs to intercept a few communications between the key and the car, and by leveraging a security flaw in the car's built-in immobilizer, they can break the encryption key in less than half an hour, start the car's engine and make a clean getaway without ever being detected.
The fix for this security flaw involves changing the car's RFID chips, which means that affected companies need to recall all vulnerable models.
For this particular reason, Volkswagen sued the researchers in a UK court, trying to prevent them from publishing their data, arguing that this paper would make it very easy for a hacker to steal VW cars.
While true in their arguments, the problem is that Volkswagen hasn't been recalling cars to fix them in the meantime, and eventually, after two years of litigation, the court has allowed the researchers to publish their findings.: You are not allowed to view links.
Register or Login