English High Court Bans Publication of 0-Day Threat To Auto Immobilizers

An anonymous reader writes "The High Court — England's highest civil court — has temporarily banned the publication of a scientific paper that would reveal the details of a zero day vulnerability in vehicle immobilisers and, crucially, give details of how to crack the system. Motor manufacturers argued that revealing the details of the crack would allow criminals to steal cars. Could this presage the courts getting involved in what gets posted on your local Bugzilla? It certainly means that software giants who dislike security researchers publishing the full facts on vulnerabilities might want to consider a full legal route."

  • Re:that settles it (Score:5, Informative)

    by hutsell ( 1228828 ) on Sunday July 28, 2013 @12:03AM (#44403915) Homepage

    Keeping in mind: temporarily banned. Synopsis from another article by the Guardian:

    The University of Birmingham's Flavio Garcia, British computer scientist, cracked the security system by discovering the unique algorithm that allows the car (Porsches, Audis, Bentleys and Lamborghinis — leaves me out) to verify the identity of the ignition key.

    Is this meant to be a temporary injunction until these auto companies resolve their problem, which seems to be the right thing to do? However, if it isn't temporary and turns out to be kind of permanent because they think these companies will save a lot of money by not having to deal with the problem, then they're deluding themselves. Someone into stealing cars already knows or now knows a solution exists and will soon know the algorithm in one way or another.

    It would be nice if the method used to find the solution was eventually made public. Then someone might be able to create a defense to variations on the discovery and prevent this from being applied to other vehicles; a breach that may already exist, if not now, perhaps at a later time?

  • Re:that settles it (Score:5, Informative)

    by Anonymous Coward on Sunday July 28, 2013 @12:59AM (#44404103)

    The US income tax was a "temporary" measure. US copyrights are supposed to be "temporary".

    In real life, the powers that be want the guy muzzled.

    The lesson learned is to do one of three things if finding an exploit:

    1: Release it far and wide anonymously. This puts people at risk, but when customers are being attacked, vendors will fix problems. However, this is a career killer, if one is found to do this, perhaps might run them afoul of the law in their area.

    2: Release both a warning to the company anonymously, then release the exploit, both anonymously. Again, similar to #1, it can kill a career.

    3: Have "escrow agents", and let the vendor know. If they attempt to shoo the problem under the rug, the "anonymous" posters from other countries will ensure it gets out even if the person who found the bug has disappeared.

  • by Cederic ( 9623 ) on Sunday July 28, 2013 @10:00AM (#44405865) Journal

    erm. BMW did fix this, and upgraded the software in my car for free with the fix.

  • by nosferatu1001 ( 264446 ) on Sunday July 28, 2013 @01:07PM (#44406997)

    Misinformation abounds...

    This. Problem. WAS. fixed. Through a recall, and an update during routine service.

    Disclosure: I work for BMW UK. The storm we had following Watchdog didn't help.
