Volkswagen used the legal system to keep a car security vulnerability quiet for over two years.
With all the recent news surrounding possible hacking vulnerabilities with GM’s OnStar and Fiat Chrysler’s Uconnect, a new report has surfaced revealing that Volkswagen hid a flaw in its system for over two years.
A trio of European computer scientists first discovered the flaws in 2012 and warned automakers about the issue with high-tech keys used in today’s cars. Instead of informing the public, Volkswagen used its lawyers to keep the research quiet. Now, a legal settlement has allowed the documents to go public.
According to the researchers, the chip used in today’s keys use outdated encryption and if a computer can listen or talk to the key just twice, it can figure out a pattern to the codes it sends to the vehicle. From there, thieves can just make a copy of the key and the chip and gain access to the vehicle.
The researchers were surprised to find that even luxury vehicles used outdated encryption and affected vehicles include a long list of models from Audi, Fiat, Honda, Kia, Volkswagen, Volvo and even Ferrari. All of the possibly affected vehicles rely on chips manufactured by EM Microelectronic in Switzerland.
When the researchers first discovered the issue, they gave the Swiss-based chip maker nine months to fix the problem in late 2012 before they intended to go public with the research. The following year, Volkswagen sued the universities and the researchers, blocking them from publishing their work to fellow academics, essentially quieting them.
Ultimately, both sides settled on the issue when the researchers agreed to omit a single line from their report, which featured an important detail that could allow even a non-technical person to figure out the hack.
The German automaker acknowledged that there is a technological flaw with the keys but said that it takes “considerable, complex effort” to do it.
Discuss this story at our Volkswagen Forum