Volkswagen hide a serious security breach for two years
Volkswagen, along with other brands in its group as Audi, Porsche or Lamborghini, vehicles have vulnerabilities in the immobilizers Megamos. This device can only start the engine if the key is correct. However, in 2012 researchers discovered a vulnerability affecting the security system, which could be violated by a brute force attack. The researchers were able to reduce the number of combinations to 196.607 to intercept the key that is sent between the key driver and locking device. Volkswagen researchers sued claiming that if the vulnerability was made public the number of robberies increase. The injunction imposed by the U.K.´s High Court prevented the results of his research see the light until last USENIX security conference held in Washington D.C.
References:
- 14/08/2015 bloomberg.com VW Has Spent Two Years Trying to Hide a Big Security Flaw
- 17/08/2015 hotforsecurity.com Silenced for two years by Volkswagen, car hackers reveal their paper into security hole
Tags: