Volkswagen hid a car hacking flaw for two years

CNN article at:
http://www.wcvb.com/money/volkswagen-hid-a-car-hacking-flaw-for-two-years/34729532

Researchers just revealed that technology used in 126 types of cars makes them easier to steal, and that Volkswagen went to court two years ago to keep their discovery a secret.

Three European computer scientists knew about the flaws since 2012, and they warned automakers. But Volkswagen used its lawyers to keep the research under wraps until now, when a legal settlement allowed the documents to go public.

Car hacking flaw? I don’t think it’s as much a flaw as it’s exploiting new technology by some unsavory characters, namely a bunch of hackers. The dongle that some insurance companies give you to monitor your computer while you drive is just another easy way to hack your vehicle. I also hear that the monitoring devices installed by “buy here…pay here” car lots are also vulnerable to hacking. It’s not really a flaw if the designers had no idea that a vehicle could be hacked at the time that they were being designed. That’s my opinion anyway.

I consider it a flaw, just not a deliberate one.

Car hacking flaw?

Definitely a flaw. You have to take security into account when designing an open system.

Non-issue IMO.

Not so long ago we had simple metal keys without any fancy encryption. We had valets back then too :wink: If they wanted to steal your car, they simply made an imprint of the key outline in a hunk of clay in order to make a copy at their leisure. It didn’t take any specialized skills at all.

Now we have very complex keys by comparison and people are complaining because it doesn’t have the latest and greatest security algorithm in it. It’s not like the local meth head is going to be able to steal your car by first being in a position to get the codes and then being smart enough to crack the algorithm.

It was far, far easier back in the day. And yet, there wasn’t rampant theft going on. Imagine that. Paranoia today is at an all-time high…

Now we have very complex keys by comparison and people are complaining because it doesn't have the latest and greatest security algorithm in it.

You don’t need the latest and greatest. Decent encryption has been around for decades.

The point is, they used an outdated encryption scheme, and didn’t update it for many years after the fault was known. And they sued the people who discovered the flaw to prevent it from going public. To me, that is reprehensible behavior… or … typical large corporation behavior.

The point is, they used an outdated encryption scheme, and didn't update it for many years after the fault was known. And they sued the people who discovered the flaw to prevent it from going public.

That is the main point. A security flaw was shown to them…and they refused to take care of it. Probably because it would eat into their profits.

True Story - About 5-10 years ago this security was going to work in Boston and received an emergency call from one of his clients. He pulled off the highway and into some company’s parking lot. He had to check something on his laptop and he noticed that the business of the parking lot he entered had an unsecured wifi.

Later that day he sent the business an email explaining what happened and that they should think about securing their wifi (i.e., require a password to connect). About a month after that he got a summons from that company saying they were suing him for breaking into their network.

^ wow, I believe it.

The point is, they used an outdated encryption scheme, and didn’t update it for many years after the fault was known.

Did you consider that it may have been considered advanced when it was in development but years later is now considered “outdated” by today’s standards? The point is, when is good enough, good enough? Face it, it took software engineers to uncover the limitations. No common thief could ever do it alone. It was, and is, more than sufficient for the purpose. It doesn’t need to be a safe…

And they sued the people who discovered the flaw to prevent it from going public

No schmidt! I agree. Again, only scientific types could figure it out, that is until they actually publish how to do it in an open forum where it becomes public knowledge. Brilliant…

You don’t need the latest and greatest.

Maybe you should read the article and listen to folks posting here. Because if it isn’t the latest and greatest, they will cry about how the greedy manufacturers didn’t include the best and I’m vulnerable…

Face it, it took software engineers to uncover the limitations. No common thief could ever do it alone. It was, and is, more than sufficient for the purpose. It doesn't need to be a safe...

You’re right - probably no common thief could do it. HOWEVER… A good but ethically questionable engineer might be able to create a device simple enough for the average crook and sell it. We just had a posting last week about that.