Computer Scientist Banned from Publishing Auto Security Hack
A high court judge has ruled that a computer scientist cannot publish an academic paper over fears that it could lead to vehicle theft.
Flavio Garcia, from the University of Birmingham, has cracked the algorithm behind Megamos Crypto—a system used by several luxury car brands to verify the identity of keys used to start the ignition. He was intending to present his results at the Usenix Security Symposium.
But Volkswagen’s parent company, which owns the Porsche, Audi, Bentley and Lamborghini brands, asked the court to prevent the scientist from publishing his paper. It said that the information could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car."
The company asked the scientists to publish a redacted version of the paper without the crucial codes, but the researchers declined, claiming that the information is publicly available online.
Instead, they protested that "the public have a right to see weaknesses in security on which they rely exposed," adding that otherwise, "industry and criminals know security is weak but the public do not."
The judge, Colin Birss, ultimately sided with the car companies, despite saying he "recognized the importance of the right for academics to publish."