Early this summer, a British court in London ordered computer security researchers to withdraw their scientific paper "Dismantling Megamos Security: Wirelessly Lockpicking a Vehicle Immobilizer," which was to be presented at the 22nd USENIX Security Symposium in August in Washington D.C.
The work presented in the paper was carried out in the Digital Security research group of professor Bart Jacobs of the Radboud University Nijmegen (Netherlands). Flavio Garcia, Roel Verdult and Baris Ege, the three authors of the paper, in 2012 discovered a serious weakness in the algorithm of a cryptography-based car immobilizer (an electronic security device that prevents the engine from running unless the correct key or token is presented) known under the name "Megamos Crypto." The research paper describes both the algorithm and the weakness within it.
The algorithm was created in the mid-1990s by Thales, a French multinational that designs and produces electrical systems. Thales licensed the algorithm to the Swiss firm EM Microelectronic to build it into a microprocessor. EM sold the microprocessor to Troy, MI-based Delphi Automotive, and Delphi manufactured and sold a complete immobilizer to the German car company Volkswagen, as well as to many other car manufacturers. Volkswagen says it has installed the immobilizer in millions of cars, particularly in vehicles in Volkswagen's luxury car brands, including Porsche, Audi, Bentley, and Lamborghini.
Security researchers are expected to 'responsibly disclose' security flaws. Good practice is to inform the manufacturer of the product and give it time to fix the flaw, generally six weeks for software producers and six months for hardware producers. Completely in accordance with this practice, the researchers informed EM in November 2012 about their discovery. EM, however, reacted slowly.
Meanwhile, in February 2013, the first author of the paper, Flavio Garcia, moved from the Netherlands to the U.K., to work for the University of Birmingham. Volkswagen learned of plans to publish a paper on 'Dismantling Megamos Security' on May 23, and as first author Garcia was now a resident of the U.K., Volkswagen was able to go to court in that nation to try to prevent the paper's publication. Volkswagen argued that publication of the paper would facilitate the theft of millions of its cars.
On June 25, the British judge ruled in favor of Volkswagen, saying, "I recognize the high value of academic free speech, but there is another high value, the security of millions of Volkswagen cars." As a result, the paper could not be not published in the conference proceedings. While the paper's lead author, Roel Verdult, did give a presentation at the USENIX-conference in August, he was not allowed to say anything about the security flaw in the Megamos crypto-algorithm.
In the online article "Megamos Crypto, Responsible Disclosure and the Chilling Effect of Volkswagen Aktiengesellschaft vs. Garcia et al,", London-based law firm director and Senior Visiting Fellow with the Information Security Group at Royal Holloway, University of London, Robert Carolina, and Royal Holloway professor of Information Security Kenneth Paterson, analyzed the British verdict in detail. To them, the court's decision "evinces a lack of understanding of the foundational principles of cryptography and secure system design . . . The decision also appears to lack a clear understanding of the term of art "responsible disclosure," and the well-established role that this plays in security research."
Carolina and Paterson suggest that the judge's decision is "out of step with the prevailing trends in other countries regularly engaged in such research," and that this decision could isolate UK security research academics from their international colleagues.
Had the same case been brought to court in the Netherlands or another of the continental European countries, it is doubtful that Volkswagen would have won. In 2008, the Digital Security research group of Radboud University Nijmegen was involved in a similar case. Under the supervision of professor Bart Jacobs, researchers published a paper in March 2008 which said the Mifare Classic wireless smart card chip − at that time used in the Dutch public transport chip card, and also in the London public transport Oyster card − contained serious security flaws.
The Dutch company NXP Semiconductors (formerly Philips Semiconductors), which produced the chip, sued the researchers to prevent publication of that paper. Contrary to the British judge's decision in the Volkswagen case, the Dutch judge decided that publication of the paper fell under the principle of freedom of expression, and that it is of great importance in a democratic society that the results of scientific research can be published. Furthermore, the judge said the researchers had acted carefully in dealing with the responsible disclosure of the security flaws to chip manufacturer NXP.
It is interesting to note that Volkswagen, in its corporate Code of Conduct, says, "We respect and observe the principles of free expression of opinion, the principles concerning the right to information, the independence of the media, and the protection of personal rights . . . We are all obligated to the truth with respect to political institutions, the media, and the public domain."
The decision of the British court is preliminary; a full trial is to follow at some later date. In the meantime, both Volkswagen and the security researchers decline to comment.
Unless overturned, the court's decision is a serious blow to academic security research, especially in the U.K., and bad for society. It is always preferable to hear the bad news from the good guys, than to learn it after the bad guys have struck.
Bennie Mols is a science and technology writer based in Amsterdam, the Netherlands.
No entries found