Scientific researchers Baris Ege and Roel Verdult are two researchers at
the Radboud University in Nijmegen, the Netherlands. Together with Flavio D. Garcia, a colleague at the University of Birmingham,
they conducted research on how secret codes of luxury cars can be hacked.
In
their article “Dismantling Megamos Crypto”, they describe in detail how the
security method Megamos Crypto can be hacked. Megamos Crypto is used in luxury
brands such as Volkswagen, Bugatti and Bentley.
The
research was slated to be published and presented in August 2013 at the USENIX security symposium in Washington. The Volkswagen Group requested that the researchers
would publish their article without describing the exact code. The three scientists
refused “out of principle” claiming that the general public has a right to know
about security holes and flaws in car security systems.
The
Volkswagen Group went to court, arguing that publication of the article would “facilitate”
gangs specializing in luxury car theft. The judge agreed and issued an
injunction, stating that the article could lead to theft of millions of cars such as Porsches,
Audis, and Lamborghinis.
The
Radboud University expressed its disappointment since “the injunction does not
comply with freedom of academic publishing”. The university also pointed out
that to steal a car, cracking the security code is not enough. “Our researchers
found out how the immobilizer can be turned off. However, the thief must also
get into the car to disengage the car alarm.”
The
universities will fight for their right to publish in court at a later date.