Volkswagen kept car immobiliser flaw quiet for two years
A major security flaw in more than 100 car models has been exposed after a car manufacturer kept the details suppressed for two years.
Three researchers, including a computer scientist from the University of Birmingham, were prevented from releasing the academic paper which detailed the flaw after Volkswagen won a case in the High Court to stop its publication. The researchers had discovered a weakness in an immobiliser system used by car manufacturers including Audi, Fiat, Honda, Volvo and Volkswagen that made it vulnerable to "keyless theft", where the signal sent between the key and ignition could be listened into, making it vulnerable to attack, and cars open to theft.
The Swiss-made immobiliser system in question works by preventing the engine from starting when a transponder embedded in a car's key is not present.
The research paper showed it was possible to listen in to the signals between the two, creating the potential for it to be manipulated.
Volkswagen were able to gain an injunction on the publication of the report, which was due in 2013, by arguing that it could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car". Last month, Fiat Chrysler announced it was recalling more than a million vehicles in the US after hackers were able to take control of a Jeep remotely over the internet.