German automaker Volkswagen successfully convinced England's High Court to issue an interim injunction against England's University of Birmingham that will delay publication of an academic paper on how the anti-theft systems used on millions of Volkswagens are at risk from hackers.
According to the Associated Press, the university was "disappointed with the judgment which did not uphold the defense of academic freedom and public interest, but respects the decision."
A group of academics from the university planned publish a paper to reveal how hackers could bypass a certain brand of computer chip that is used by several automakers including Volkswagen. The chip uses an algorithm to ensure that a car can only be started with the right key. Reportedly, the paper would reveal how the researchers were able to reverse engineer the algorithm.
The decision of the English court was met with disappointment by some, including Alex Fidgen, director of MWR InfoSecurity, an IT security company in Great Britain. Cars are now a genuine target for cyber criminals, according to Fidgen, and it is possible for attackers to gain control of a vehicle while it is in motion, with disastrous consequences.
"It is feasible that an exploitation of any number of embedded devices within a car might allow an attacker to gain control," he says. "For instance, this would have serious consequences if the brakes were applied at high speed."
Fidgen does not believe vendors should not try to block security research. Instead, they should work together with the researchers to understand the nature and potential consequences of the threats they are facing.
"Resorting to legal action to block such details from being published is the wrong approach," he says. "Manufacturers should instead incorporate strong security research in the design process. There are real concerns about the attitude of VW given they appear to be trying to suppress this information rather than working to rectify it."
Fidgen points out that cars are becoming increasingly computerized and he does not believe manufacturers have considered the security threat when using embedded computer systems.
Such IT vulnerabilities could potentially have very serious impacts, both from security and financial perspectives, as cyber criminals target companies on a daily basis, according to Fidgen.
"Volkswagen has only highlighted to the criminals out there that the problems are likely to be genuine and important, so the damage has already been done," he says
From a customer viewpoint, Fidgen does not believe the issue is simply about the car being stolen.
"It's about the owners' personal information being stolen from mobile phones and other mobile devices that are linked to the cars on-board computer systems," he says. "From the manufacturers' perspective, it's about the latest 'gizmo' being stolen by competitors."
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.