Forgot your password?
typodupeerror
Transportation Security The Courts

Judge Rules In Favor of Volkswagen and Silences Scientist 254

Posted by samzenpus
from the keep-your-mouth-shut dept.
sl4shd0rk writes "Samsung-is-not-as-cool-as-Apple Judge Colin Birss, rules in favor of Volkswagon to ban Flavio Garcia, a computer scientist, from revealing details about 'Wirelessly Lockpicking a Vehicle Immobiliser' at USENIX in August. Volkswagen says the flaw could allow someone to 'break the security and steal a car' so it is justifiable grounds for blocking Flavio's paper. No word yet on how soon Volkswagen will have a patch."
This discussion has been archived. No new comments can be posted.

Judge Rules In Favor of Volkswagen and Silences Scientist

Comments Filter:
  • by i kan reed (749298) on Monday July 29, 2013 @03:58PM (#44416145) Homepage Journal

    Only outlaws will have hackers, or something. It really doesn't work that way, but the protection of rich people's cars will only be temporary.

    • I suspect that the rich people's cars were safer anyway. You probably can't take a Bentley to a chop shop, and the police probably ONLY really investigate stolen cars that are worth significantly more than my 2006 toyota.
  • by h4rr4r (612664) on Monday July 29, 2013 @04:00PM (#44416171)

    The cars are vulnerable if he tells the world or not. The only difference is now only the bad actors know about the problem.

    He should have disclosed without notifying. That way they could not have stopped him.

    • by simonbp (412489) on Monday July 29, 2013 @04:03PM (#44416225) Homepage

      And now that is know that this specific vulnerability exists, it's relatively trivial for someone to repeat Garcia's work and publish it.

      • by Stumbles (602007) on Monday July 29, 2013 @04:06PM (#44416265)
        The Streisand effect strikes again. They will never learn.
      • by TubeSteak (669689) on Monday July 29, 2013 @04:56PM (#44416893) Journal

        , it's relatively trivial for someone to repeat Garcia's work and publish it.

        The speculation is that Garcia sliced the chip layer by layer to reconstruct the logic and algorithms that VW's Megamos Crypto uses.

        That's neither quick to do, nor trivial to recreate.

        • by lightknight (213164) on Monday July 29, 2013 @05:32PM (#44417231) Homepage

          Perhaps, but for someone who wants to yank thirty or forty cars off the street, with minimal risk, it might be worth a modest investment.

          You'd need what, an electron microscope, some custom software to trace the images you scan and convert them back to logic, then someone to write an app / engineer some hardware to make it trivial for you to grab anything you want. Assuming you are grabbing thirty new VWs, at $20K / pop...that's $600K...so, the cost of an electron microscope (may or may not be costly...might get a second-hand one for cheap), and an Electrical Engineer @ 120K + Computer Scientist / Software Engineer @ 120K (so they'll actually do the work, keep their mouths shut, and provide 'updates' to the software / hardware they design at an agreeable rate, since 30-40 cars might easily become 3000-4000 cars provided you don't act like a Mafia-Don and try to kill the wrong people / short the wrong people ("Hey, they did the job; now let's double-cross them, and whack them, so we can keep their share, and they can't tell anyone..." -> Hollywood derp -> Good people are hard to come by, and even harder to replace); I say updates, because the car companies will begin changing stuff as soon as they hear that their cars are getting snatched, and updates are cheaper with people you know, who are 'happy' with you, than people who are PO'ed at you, or are dead).

          Still, it seems a lot of work for little cash. Now, getting elected to the Board of Governors for the Federal Reserve...well, they can just print money when they need a little more. Now that's thinking with your head.

          • by Zalbik (308903) on Monday July 29, 2013 @06:17PM (#44417583)

            Ahh...but you are forgetting a few things:

            1) You have to double the estimate of your Software Engineer. In MBA school they taught us to always double the software guy's estimate.
            2) You haven't included any quality assurance!?! At least another $120k for a good QA team, plus the tools necessary for automated testing.
            3) You've got 3 people on the team now, so you should include a PM. That's another $240k at least.
            4) And you'll need a business analyst. Luckily, it should be easy to find one who isn't so "morality constrained". Say another $180k for them.

            Just to be on the safe side, you should overestimate everything by 50% (yes, I know we already doubled the dev estimate, but this is what Joe's MBA School of Mastering Business Administration and Cheap Web Hosting taught me).

            So overall, the cost is:
            Software Engineer: 240K
            Elecrical Engineer: 120K
            QA: 120K
            PM: 240K
            BA: 180K
            Subtotal: 900K
            Total (add 50% for good luck): 1.3 Million.

            Now you should add 15-20% per year for support/maintenance, etc. So it's 1.3 Million capital outlay, plus $260,000 per year.

            Pretty pricy, but still....it's cheaper than SAP.

            /sarcasm off

            • by mysidia (191772) on Monday July 29, 2013 @07:40PM (#44418295)

              Now you should add 15-20% per year for support/maintenance, etc. So it's 1.3 Million capital outlay, plus $260,000 per year.

              Ugh... that's way too expensive; you need to lay someone off.

              Lay off one software engineer to save 40K

              Cut everyone else's Salaries by 60%. Give the CEO a 500K bonus.

              New cost tally:
              Software Engineering: Outsourced to China: 10K
              Elecrical Engineer: 48K
              QA: 48K
              PM: 96K
              BA: 72K
              Bonus for CEO: 500K
              Discount due to cooking books: -200K
              Subtotal: 574K

              Total Money saved: 726K (56% cost reduction)

        • What if it's a software bug?

          Most automobiles these days have their wiring harnesses drastically simplified by replacing enormous numbers of point-to-point wires with a digital bus, conforming to one of a small handfull of standards. These control everything from the engine to the seat adjustments to the outside rear-view mirror angles, to the door locks.

          If you can inject your own packets on such a bus, you can command the car to open the doors and start the engine.

          Now it may be possible to inject commands

    • Re: (Score:3, Interesting)

      by iggymanz (596061)

      what the hell? The scientist is from the UK, they don't even have a constitution, much less a bill of rights with amendment mentioning free speach.

      Cue the Limey-o-philes with "UK has a constitution but it's not written" bullshit

      • by h4rr4r (612664) on Monday July 29, 2013 @04:11PM (#44416329)

        Sure, this is why we have one though. Our founding fathers knew not having one was too dangerous.

        • by Lumpy (12016) on Monday July 29, 2013 @04:45PM (#44416737) Homepage

          Yeah and our scumbag leaders wipe their ass with it daily.

          Oh that right is protected by the constitution? Now you are an enemy combatant, it doesn't protect you anymore. Yes, we are calling you that for wearing blue on orange mondays... to the waterboarding with you!

          • by lgw (121541)

            You might pick a better example (it's not like it's hard to find examples of our leaders wiping their ass with the constitution, after all).

            There's nothing wrong with calling someone who participates in combat against the US military on foreign soil an "enemy combatant".

          • Lol, I was particularly touched that they consider insistence on having any rights to be symptoms of grandiose behavior, and evidence of psychological distress...I think some of the (everyone's favorite) DSM (perhaps one of the later editions) has, perhaps, one or two disorders which read something to that effect. And sadly, many years later, I can finally see exactly why they would think someone is insane for thinking that...because they're right; you don't have any rights, and that piece of paper is a lie

        • by SLi (132609) on Tuesday July 30, 2013 @04:39AM (#44420849)

          Yeah, I'm sure nothing like this could ever happen in the US [wikipedia.org] due to your ah-so-fantastic First Amendment.

          That case, by the way, is very close to this one. MBTA was granted a Temporary Restraining Order that prevented the researchers from discussing their findings in the conference where they intended to do it. Which is *exactly* what has happened here so far.

          • by RevDisk (740008)
            Temporary Restraining Order is not a permanent restraining order. It's usually meant to give a chance for the legal system to hear arguments before a permanent solution is implemented. Similar to say, the difference between arrests and convictions. It's a routine thing, it was solely the timing that was a scumbag tactic.

            http://www.revdisk.net/gal/Defcon16/MTA01.jpg [revdisk.net]

            I was in the audience at the time of that presentation. The presentation WITH ALL THE TECHNICAL INFORMATION was on the disk that was handed
      • by Anonymous Coward on Monday July 29, 2013 @04:28PM (#44416535)

        You also have secret courts...

      • A limey writes (Score:5, Informative)

        by maroberts (15852) on Monday July 29, 2013 @04:41PM (#44416695) Homepage Journal

        No we don't have a Bill of Rights, but we do have the European Convention on Human Rights incorporated into UK Law, which does have an Article 10: Freedom of Expression [wikipedia.org]. There are restrictions in the European version as opposed to the simpler US one though....

        • by Shimbo (100005)

          No we don't have a Bill of Rights

          Er, yes we do. We had it first.

          • by maroberts (15852)

            You win - forgot about the 1689 Bill of Rights. I was only little then. :-)

    • by steelfood (895457) on Monday July 29, 2013 @04:12PM (#44416349)

      Nah, that'd be unreasonable. What would be more reasonable is that now that Volkswagon is known to not act in good faith (i.e. lawsuit ensue) after an act of responsible disclosure, there's no good reason to first notify them about any subsequent security holes.

    • by cultiv8 (1660093) on Monday July 29, 2013 @04:14PM (#44416371) Homepage
      Here's a video [youtube.com] on how they do it on BMW's, same method as A4. Feel free to go here [vag-info.com] and buy the device yourself.
    • by Sir_Sri (199544) on Monday July 29, 2013 @04:25PM (#44416495)

      The only difference is now only the bad actors know about the problem.

      Know about but not necessarily how to actually do it. About all they know is from the guardian article that it took upwards of 50 000 GBP worth of equipment (and some security researchers) to actually figure out how to do it.

      He should have disclosed without notifying. That way they could not have stopped him.

      The point of notification is to give them an opportunity to fix it. The problem with cars is that 'fixing' it may not be possible, or may be astronomically expensive.

      Volkswagon wanted them to publish a redacted version of the paper, that explained how they did the hack but not the actual key (codes) they discovered, and they refused. That seems kind of dickish on the researchers parts honestly. It depends on the details of what exactly was to be redacted, so I'll withhold too much judgment, but with things that aren't connected to the internet there's a big problem in trying to actually roll out fixes. Of course there's no point in publishing a paper if you can't say anything about your method used, and if anything interesting about that was redacted it's basically a non starter.

      As we embed computers into more things this is going to be a bigger problem going forward. Are we going to need to replace 100 dollar car FOB starters every time there's a security hack? I suppose it might come to that, it's not like physical car locks are all that secure either. But if the hack requires 100 000 dollars in equipment and professional security expert time that puts the barrier to common criminals high.

      The researchers main point seems to be that they aren't saying anything that isn't already public just from a different method. In that case sure, I suppose they could have just published and the situation wouldn't be much different. But I'm not sure how true their claim is.

      • by Samantha Wright (1324923) on Monday July 29, 2013 @04:30PM (#44416567) Homepage Journal
        cultivat8 posted instructions [slashdot.org] a few minutes before you made your post, so that cat's out of the bag. Now the only value this suppression serves is in protecting the ignorance of people who are in danger; the car company saves a bit of face with its less-aware customers and investors, and that's about it.
      • by h4rr4r (612664)

        If you notify they will just sue you instead of fixing it. Which is what VW has now done.

        Car locks could be very secure, car companies chose POS methods. $100,000 is not a big deal when you can do the research and sell the results to crime rings.

    • by Anonymous Coward

      " He should have disclosed without notifying. That way they could not have stopped him. "

      BINGO.

      Quit trying to give the manufacturers / developers the benefit of the doubt here. Time and time again it's obvious they're not interested in doing the right thing, but rather resorting to litigation to shut people up about critical flaws in their product. I know it's bragging rights and all that, but you really should keep your mouth shut until AFTER you've made the disclosure public.

      Unless they're paying $$$ for

      • by plover (150551)

        Others have gone so far as to suggest it's safer to stay low, and simply sell the vulnerabilities to the highest bidder. Pocket the money, and let someone else worry about if it's a good guy or a bad guy buying it.

        It's a completely amoral stance, of course, and I don't personally agree with it. But when a well-intentioned bug report can easily turn into an accusation of violating the Computer Fraud and Abuse Act by someone sleazy company who doesn't want to pay to fix their own vulnerabilities, it's an ap

    • The cars are vulnerable if he tells the world or not. The only difference is now only the bad actors know about the problem.

      He should have disclosed without notifying. That way they could not have stopped him.

      Believe me, as first-amendment crushing lawsuits like this become "standard" the "no notice" release of major flaws will also become standard.

      Then the government will be lobbied to label these researchers who release without prior notice to be "terrorists" or "aiding the enemy" and lock them in prison for "abetting car theft" or some such similar nonsense.

      For that matter, why not just lock up every security researcher that won't sign an agreement (in advance) to only release security research with the appro

      • by ArsonSmith (13997)

        This is akin to not being allowed to yell fire in a crowded move house, when there actually is a FIRE!

  • Solution timetable (Score:4, Insightful)

    by spire3661 (1038968) on Monday July 29, 2013 @04:00PM (#44416183) Journal
    Shouldnt Volkswagen be forced to provide a timetable as to when this will be fixed so the temporary egregious act of suspending the First for this person can be lifted? It is Volkswagen's fault, they need to fix it now.
    • by truthsearch (249536) on Monday July 29, 2013 @04:06PM (#44416279) Homepage Journal

      Suspending the first... amendment? This didn't happen in the USA.

      • by bill_mcgonigle (4333) * on Monday July 29, 2013 @04:13PM (#44416361) Homepage Journal

        Suspending the first... amendment? This didn't happen in the USA.

        And the presentation will likely go forward at USENIX (in Washington DC) with the other two co-authors, from the Netherlands. It's one researcher in the UK who's getting boned by his government.

      • by tragedy (27079)

        But it was going to be disclosed in the US at a conference by a UK subject. This concept that all people are under the jurisdiction of their home government at all times has become a bit worrying. Frankly, it seems like the legal concept of jurisdiction has been virtually thrown out the window in recent years.

    • by rwise2112 (648849) on Monday July 29, 2013 @04:17PM (#44416421)

      Shouldnt Volkswagen be forced to provide a timetable as to when this will be fixed so the temporary egregious act of suspending the First for this person can be lifted? It is Volkswagen's fault, they need to fix it now.

      So it seems that some form of this Megamos Crypto is used by just about all manufacturers. Does anyone know if all versions are broken? Since they all use it, it may come from a 3rd party, so Volkswagen may noy know when or how to fix it.

      • by h4rr4r (612664)

        Why in the 21st century is anyone stupid enough not to use proper crypto?
        In the world of crypto proprietary means so flawed I cannot show you how it works or it stops being crypto.

        • by Lumpy (12016)

          OR just a physical Key? Honestly VW and all these companies are complete and utter retards for going 100% electronic.

          • by h4rr4r (612664)

            I think you could go 100% electronic and do it correctly. id_rsa.pub and authorized_keys seems to be 100% electronic and works pretty well. SSHing into my car to open the doors would be pretty sweet.

            • by Lumpy (12016)

              I can do it with less than $300 in parts. RasPi, relay shield and a GSM data dongle. All done.

              apt-get install car-door-unlocker

        • by AmiMoJo (196126) *

          Because proper crypto is hard and even if you spend vast amounts of money on it and hire good people there are often still flaws. Look at things like the DRM on BlyRay discs. Very expensive, very carefully implemented, and still didn't last very long.

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            That's not a crypto flaw, that's a logic flaw. You can't give someone an encrypted message and the key to decrypt it, and then expect that there's a way to prevent them from decrypting the content. It's just not possible.

  • by Arkiel (741871) on Monday July 29, 2013 @04:02PM (#44416211) Journal
    This did not occur in the US. The US Constitution is not implicated.
  • Judge Colin Birss, rules in favor of Volkswagon to ban Flavio Garcia, a computer scientist, from revealing details about 'Wirelessly Lockpicking a Vehicle Immobiliser' at USENIX in August.

    How about if it "turns out" that this fella Flavio Garcia wasn't doing research alone, and that members of his team would want to "leak" the details on torrent sites?

    We could still get them, no?

    By the way, who believes that the fella Flavio Garcia, is the only fountain of knowledge on the matter?

    • by Nyder (754090) on Monday July 29, 2013 @04:10PM (#44416327) Journal

      Judge Colin Birss, rules in favor of Volkswagon to ban Flavio Garcia, a computer scientist, from revealing details about 'Wirelessly Lockpicking a Vehicle Immobiliser' at USENIX in August.

      How about if it "turns out" that this fella Flavio Garcia wasn't doing research alone, and that members of his team would want to "leak" the details on torrent sites?

      We could still get them, no?

      By the way, who believes that the fella Flavio Garcia, is the only fountain of knowledge on the matter?

      It doesn't matter. Now everyone knows it can be done, other people will be working on it. Criminals probably.

      Sort of like how once we made a nuclear bomb, other scientist were able to make nuclear bombs.

      • by steelfood (895457)

        Well, not quite the perfect analogy. Nukes are quite complicated. U.S. scientists built the first nuke (though there's quite a bit of evidence that Hitler would've had it if not for certain scientists' subtle sabotage), and most of the other countries "acquired" those blueprints shortly.

  • by tysonedwards (969693) on Monday July 29, 2013 @04:03PM (#44416237)
    For vehicles that have already been sold, I'd venture a guess somewhere between when the sun burns out and never.
    • VW is actually really good about fixing things like this. My TDI has had a dozen software changes by them due to other things and a half dozen other little fixes they caught after it was sold as new in 2010. I got a letter in the mail last week of another fix they want to put in place because idiots keep putting gas in their TDI's too.

      I imagine as soon as they have a fix ready they'll send me another letter asking me to bring it by for the recall notice.

      • by g0bshiTe (596213)
        VW announces new 2010 TDI beta!
      • VW has one of the worst ratings on consumer reports of any company. Their cars are junk. I was interested in the TDI because it's one of the few affordable diesels sold in the US but the user ratings on that car are horrendous and repair bills expensive. Yours is only 3 years old so it's rather telling how many times you've had to take it in already. I've got a 2009 Ford Escape and it's never had to be taken in. I believe there was 1 recall and it was for the seat covers, which I don't have in mine.

      • by msauve (701917)
        A fix presumably involves not only a software change in the car, but new key fobs for everyone. Ones which can't be reverse engineered by "chip slicing."
  • Spellcheck! (Score:4, Informative)

    by intermodal (534361) on Monday July 29, 2013 @04:04PM (#44416245) Homepage Journal

    FFS, it's Volkswagen, with an E.

    • by omnichad (1198475)

      It's not so much a typo as it is an accidental translation to English. It's only 2 letters off from English - Folkswagon. What spell check has a list of commercial entities' proper names?

  • by thejynxed (831517) on Monday July 29, 2013 @04:04PM (#44416251) Homepage

    These cars with remote/keyless entry and start are already being stolen, even directly off of dealer lots. The criminals have already figured out what he was going to present, and are using it to their advantage.

    • by TheSpoom (715771)

      Ah, that means that in addition to not being able to tell people about it, the researcher will now be liable, perhaps even criminally so. Just wait.

    • These cars with remote/keyless entry and start are already being stolen, even directly off of dealer lots. The criminals have already figured out what he was going to present, and are using it to their advantage.

      Do you know whether they've been using this specific hack though, or whether they've been breaking into cars with the same sort of "security" system? That does make a difference. Otherwise it's like saying that computers get hacked, so it doesn't matter how you reveal information about a specific exploit.

    • These cars with remote/keyless entry and start are already being stolen, even directly off of dealer lots. The criminals have already figured out what he was going to present, and are using it to their advantage.

      And why my Mini dealer was very clear about why you have to insert the space age key in order to start the car, and they have no auto start option. Don't think that the dealers don't know that they are selling a defective product.

  • by Luthair (847766) on Monday July 29, 2013 @04:10PM (#44416317)
    How can a UK judge exercise anything over something happening in the US? Not that the US court system doesn't frequently overreach into things occurring outside its borders as well.
    • Because a UK citizen is subject to UK law?

      • by Luthair (847766)
        With the exception of sex tourism people aren't usually subject to the laws of their country abroad. (Barring contracts signed of course). e.g. If you were to go to Thailand and paint some graffiti you wouldn't get taken to the local magistrate once you got back home.
        • I can't comment for other countries, but in the back of my passport (Australian) it explicitly says that I am subject both to the laws of the country I am currently in, and to Australian law. You are probably right that for something like graffitti they are unlikely to actually do anything about it, but you are still breaking the law.

  • by DoofusOfDeath (636671) on Monday July 29, 2013 @04:11PM (#44416331)

    That guy should totally come to the USA. Then he'd have the full protection of the U.S. Constitution, guaranteed by Eric Holder and Barak Obama themselves!!!

  • by hawguy (1600213) on Monday July 29, 2013 @04:16PM (#44416407)

    I sure hope someone doesn't "accidentally" break into his computer, steal the exploit and publish it in the wild. Wouldn't want to force VW into finding a solution. Much better to pretend that only the white-hat hackers know about the hack and that the bad guys are too stupid to have figured it out. Security through pretending is the best security.

  • by zenrandom (708587) on Monday July 29, 2013 @04:21PM (#44416469) Journal
    I'm going out on a limb, disclosing this publicly and all. But all vehicles on the roads today are vulnerable to a nefarious flat bed truck with a winch. Said driver pulls up to the vehicle, lowers the ramp, attaches the winch, and pulls the target vehicle onto the truck. Once vehicle is secured to the truck, they drive away. I've not contacted any manufacturers on this vulnerability, but I feel that disclosing it publicly may keep the public informed.
    • by couchslug (175151)

      A snatch truck with a wheel lift is even quicker, and having done repos with a friend I can say bystanders rarely say or do anything.

      Once you get the vehicle off the property they can't legally block you from taking it (in my State) so we'd shoot the wheel lift under whatever end of the car was handy. Depending on the car we'd even leave a hitch ball attached to the wheel lift and snag the lower core brace (they were all owned by my buds car lot) and drive off instantly rather than locking the wheel lift ba

  • by GodfatherofSoul (174979) on Monday July 29, 2013 @04:31PM (#44416577)

    It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.

    My only objection to hackers revealing exploits is they must give the affected company time to fix the problem. This time is going to be longer for VW since their software is literally running all over the world. But, 4 years is ample time.

    I'd be curious to know exactly what VW has done to address the problem, or more broadly did they even *bother* to fix the problem.

    • by Lehk228 (705449)
      companies have shown time and time again they do not properly handle "responsible disclosure" as in this case they use the courts to silence the messenger.

      the only remaining option is immediate, anonymous full disclosure, preferable released as a metasploit module in order to maximize the consequences for sloppy and reckless vendors
  • by Anonymous Coward on Monday July 29, 2013 @04:42PM (#44416713)

    I almost don't want to post this, rather than continue to watch the slashdot flock get herded around the meadow yet again. But guess what. The arstechnia article (ironically headlined "High court bans publication of car-hacking paper") states:
    "The company asked the scientists to publish a redacted version of the paper without the crucial codes, but the researchers declined, claiming that the information is publicly available online."

    So yeah, the publication of the paper was never at stake.

    This little tidbit makes most of the above comments (including those already up to +5) look pretty ridiculous.

  • How is this not different from banning people from saying that if you break the window of a building you can get in an steal things?

  • by julian67 (1022593) on Monday July 29, 2013 @05:01PM (#44416955)

    In the article:
    "The judge, Colin Birss, ultimately sided with the car companies, despite saying he "recognized the importance of the right for academics to publish.""

    This is very misleading. The judge did not "ultimately" side with anyone because this is an *interim* injunction during the course of more prolonged litigation. Citation:

    http://www.bbc.co.uk/news/technology-23487928 [bbc.co.uk]
    and
    http://www.itpro.co.uk/security/20291/vw-gets-high-court-bans-scientists-revealing-luxury-car-security-codes [itpro.co.uk]

    The purpose of the interim injunction is to temporarily maintain the status quo while further evidence and arguments are presented, prior to any actual and significant judgement.

    Once again slashdot avoids objective reporting and instead offers its readers what they actually prefer and craze: dishonest, misleading, untrue versions of the world that play to the infantile prejudices of the average self righteous and privileged pseudo liberal.

    • by julian67 (1022593)

      crave not craze. Slashdot's hysteria and ineptitude is so contagious that I'm going cravy.

  • The Dutch university of the other two hackers has asked a Dutch court to let them release their findings.

    http://www.telegraaf.nl/binnenland/21769604/__NL_se_vinding_geblokkeerd__.html [telegraaf.nl]

    Form the University site: http://www.ru.nl/english/general/news_agenda/news/@895890/radboud-university-0/ [www.ru.nl]

    Interesting is the statement VW was informed about the problem nine months ago and Dutch Government/Jurisprudence finds 6 months of silence already sufficient.

  • If the paper is published then I am 100% sure that you will see actual car thefts; which is bad. But I would not be 100% sure that this isn't already happening. I recently watched a video where people were remotely opening new high-end cars to break into them. The video claimed that this was a new and unknown attack.
    http://abcnews.go.com/US/video/car-thieves-tech-gadgets-baffle-police-18891078 [go.com]
    This may or may not be the same attack but regardless open information that names and shames is critical not onl

Truly simple systems... require infinite testing. -- Norman Augustine

Working...