A car immobiliser developed by Megamos found on millions of vehicles is vulnerable to hacking attacks, with researchers saying that the encryption system can be cracked – so bear this in mind if you’ve just invested in new Citroen turbos and this anti-theft gadget… you may not be as protected as you think.
The study, conducted by Radboud University in Holland, found that by listening in to the radio chip in the car key and the crypto system hackers were provided with information about which secret key was being used to mix the data up. The researchers were in fact able to find which crypto key was being used in about half an hour, the BBC reports.
Apparently, it will prove difficult to fix the flaws in the current system for the Megamos immobiliser as it will mean replacing the radio chips found in the car keys, as well as the hardware in cars that are affected. Vehicles from Porsche, Volkswagen and Honda all make use of this seemingly weak system.
Although this study was conducted in 2012, publication of the results had been banned up until now after an English court ruled that it should be withdrawn, at the request of Volkswagen. The car manufacturer eventually agreed that the results could be published after the authors of the study removed one sentence from their findings, which described the component of the calculations relating to the chip.
“It is frustrating that so much time, money and effort has been wasted. This is not an incentive to report defects only to the manufacturer concerned,” head of the Digital Security Group in Nijmegen professor Bart Jacobs said.