
Judge Rules In Favor of Volkswagen and Silences Scientist

Posted by samzenpus
from the keep-your-mouth-shut dept.
sl4shd0rk writes "Samsung-is-not-as-cool-as-Apple Judge Colin Birss rules in favor of Volkswagen to ban Flavio Garcia, a computer scientist, from revealing details about 'Wirelessly Lockpicking a Vehicle Immobiliser' at USENIX in August. Volkswagen says the flaw could allow someone to 'break the security and steal a car' so it is justifiable grounds for blocking Flavio's paper. No word yet on how soon Volkswagen will have a patch."

  • by iggymanz (596061) on Monday July 29, 2013 @04:05PM (#44416255)

    What the hell? The scientist is from the UK, they don't even have a constitution, much less a bill of rights with amendment mentioning free speech.

    Cue the Limey-o-philes with "UK has a constitution but it's not written" bullshit

  • by Nyder (754090) on Monday July 29, 2013 @04:10PM (#44416327) Journal

    Judge Colin Birss rules in favor of Volkswagen to ban Flavio Garcia, a computer scientist, from revealing details about 'Wirelessly Lockpicking a Vehicle Immobiliser' at USENIX in August.

    How about if it "turns out" that this fella Flavio Garcia wasn't doing research alone, and that members of his team would want to "leak" the details on torrent sites?

    We could still get them, no?

    By the way, who believes that the fella Flavio Garcia, is the only fountain of knowledge on the matter?

    It doesn't matter. Now everyone knows it can be done, other people will be working on it. Criminals probably.

    Sort of like how once we made a nuclear bomb, other scientists were able to make nuclear bombs.

  • by rwise2112 (648849) on Monday July 29, 2013 @04:17PM (#44416421)

    Shouldn't Volkswagen be forced to provide a timetable as to when this will be fixed so the temporary egregious act of suspending the First for this person can be lifted? It is Volkswagen's fault, they need to fix it now.

    So it seems that some form of this Megamos Crypto is used by just about all manufacturers. Does anyone know if all versions are broken? Since they all use it, it may come from a 3rd party, so Volkswagen may not know when or how to fix it.

  • by Sir_Sri (199544) on Monday July 29, 2013 @04:25PM (#44416495)

    The only difference is now only the bad actors know about the problem.

    Know about but not necessarily how to actually do it. About all they know is from the Guardian article that it took upwards of 50 000 GBP worth of equipment (and some security researchers) to actually figure out how to do it.

    He should have disclosed without notifying. That way they could not have stopped him.

    The point of notification is to give them an opportunity to fix it. The problem with cars is that 'fixing' it may not be possible, or may be astronomically expensive.

    Volkswagen wanted them to publish a redacted version of the paper, that explained how they did the hack but not the actual key (codes) they discovered, and they refused. That seems kind of dickish on the researchers' part honestly. It depends on the details of what exactly was to be redacted, so I'll withhold too much judgment, but with things that aren't connected to the internet there's a big problem in trying to actually roll out fixes. Of course there's no point in publishing a paper if you can't say anything about your method used, and if anything interesting about that was redacted it's basically a non-starter.

    As we embed computers into more things this is going to be a bigger problem going forward. Are we going to need to replace 100 dollar car FOB starters every time there's a security hack? I suppose it might come to that, it's not like physical car locks are all that secure either. But if the hack requires 100 000 dollars in equipment and professional security expert time that puts the barrier to common criminals high.

    The researchers' main point seems to be that they aren't saying anything that isn't already public just from a different method. In that case sure, I suppose they could have just published and the situation wouldn't be much different. But I'm not sure how true their claim is.

  • by GodfatherofSoul (174979) on Monday July 29, 2013 @04:31PM (#44416577)

    It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.

    My only objection to hackers revealing exploits is they must give the affected company time to fix the problem. This time is going to be longer for VW since their software is literally running all over the world. But, 4 years is ample time.

    I'd be curious to know exactly what VW has done to address the problem, or more broadly did they even *bother* to fix the problem.

  • by Anonymous Coward on Monday July 29, 2013 @04:32PM (#44416589)

    You're looking for: "If hacking is outlawed only outlaws will BE hackers" It works.

  • Re:A limey writes (Score:3, Interesting)

    by Impy the Impiuos Imp (442658) on Monday July 29, 2013 @07:18PM (#44418113) Journal

    The devil is in the details, which is why the elegant simplicity of the US Constitution is vastly preferable to these more complicated, lawyerly expressions of "rights", designed by politicians, for politicians.

    Just the wording oozes with the power hungry not wanting to give up their power:

    Article 10 – Freedom of expression
    1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.

    2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.

    Loopholes big enough to drive an Airbus through. And I didn't even bother highlighting "public safety", "prevention of disorder or crime" or other get out of jail free cards rendering the whole thing largely meaningless.
