Scientific researchers Baris Ege and Roel Verdult are two researchers at the Radboud University in Nijmegen, the Netherlands. Together with Flavio D. Garcia, a colleague at the University of Birmingham, they conducted research on how secret codes of luxury cars can be hacked.
In their article “Dismantling Megamos Crypto”, they describe in detail how the security method Megamos Crypto can be hacked. Megamos Crypto is used in luxury brands such as Volkswagen, Bugatti and Bentley.
The research was slated to be published and presented in August 2013 at the USENIX security symposium in Washington. The Volkswagen Group requested that the researchers would publish their article without describing the exact code. The three scientists refused “out of principle” claiming that the general public has a right to know about security holes and flaws in car security systems.
The Volkswagen Group went to court, arguing that publication of the article would “facilitate” gangs specializing in luxury car theft. The judge agreed and issued an injunction, stating that the article could lead to theft of millions of cars such as Porsches, Audis, and Lamborghinis.
The Radboud University expressed its disappointment since “the injunction does not comply with freedom of academic publishing”. The university also pointed out that to steal a car, cracking the security code is not enough. “Our researchers found out how the immobilizer can be turned off. However, the thief must also get into the car to disengage the car alarm.”
The universities will fight for their right to publish in court at a later date.