VW seek to ban the publication of their latest research over theft fears

By in most stolen cars, UK car theft, VW cars

In the ongoing controversy about freedom of the press, academic freedom and ‘the public’s right to know’, the question still seems to centre around whether any particular bit of information is likely to do more harm than good if it’s freely disseminated. Case in point: computer scientists whose independent research led to the discovery of a way to get around the code for the locking mechanism on several of the most expensive cars on the market.

Volkswagen, the German company that gave us the Beetle, also brought us Bentleys, Porsches, Audis and Bugattis – and many more. When Flavio Garcia of Birmingham University, along with two Dutch colleagues from Raboud University announced the imminent publication of their findings, VW officials petitioned the British court to ban or delay publication because they said it could lead to the theft of many of their top-end cars as well as the lower-priced ‘people movers’ popular worldwide.

The reaction came after publication of a Guardian article reporting the initial finds of the scientific trio, and the British High Court has ruled that they cannot publish as intended at the Usenix Security Symposium that takes place next month (August) in Washington D.C. The ban is temporary, presumably meant to give Volkswagen time to contact their customers who may be affected.

What the scientists discovered was that the code or algorithm that allows a car’s computer to accept an ignition key, in this case Volkswagen’s Megamos Crypto algorithm, could be bypassed; they planned to demonstrate this lack of security at the Symposium. The Megamos algorithm dates back to the 1990s and is outdated but still widely in use by the automotive industry.

Both Universities disagreed with the Court’s decision but said they would respect it. Raboud University issued a statement to the effect that academic freedom (to publish) in the field of cyber security is crucial to the public interest, and that the report would not constitute handing out instructions about how to steal a car – that would require additional information.