Volkswagen used the legal system to keep a car security vulnerability silent for over two years.
With all the recent news surrounding possible hacking vulnerabilities with GM’s OnStar and Fiat Chrysler’s Uconnect, a new report has surfaced revealing that Volkswagen hid a flaw in its system for over two years.
A trio of European computer scientists first learned the flaws in 2012 and warned automakers in this area the issue with high-tech keys used in today’s cars. Instead of informing the public, Volkswagen used its lawyers to keep the research silent. Now, a legal settlement has allowed the ID to go public.
According to the researchers, www.rawvehicle.com the chip used in today’s keys use outdated encryption and if a computer can listen or talk to the key just twice, it can figure out a pattern to the codes it sends to the vehicle. From there, thieves can just make a copy of the key and the chip and gain access to the vehicle.
The researchers were surprised to find that even luxury vehicles used outdated encryption and affected vehicles include a long list of models from Audi, Fiat, Honda, Kia, Volkswagen, Volvo and even Ferrari. All of the possibly affected vehicles rely on chips manufactured by EM Microelectronic in Switzerland.
When the researchers first learned the issue, they gave the Swiss-based chip maker nine months to fix www.rawvehicle.com the problem in late 2012 before they intended to go public with the research. The following year, Volkswagen sued the universities and the researchers, blocking them from publishing their work to fellow academics, essentially quieting them.
Eventually, both sides settled on the issue when the researchers agreed to omit a release line from their report, which featured an vital detail that could allow even a non-technical person to figure out the hack.
The German automaker acknowledged that there is a technological flaw with the keys but said that it takes “considerable, complex effort” to do it.
This article originally appeared at Rawvehicle.com