Monday, August 12, 2013

Why VW's court win helps 'black hat' hackers

Why VW's court win helps hackers

Bruce Gain is an Automotive News Europe correspondent in France.Bruce Gain is an Automotive News Europe correspondent in France.
Volkswagen recently won a court case that stopped computer scientists from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis.
The victory, however, will make carmakers more vulnerable to hackers because company engineers will have less information available to help them design more secure in-car systems.
The academics wanted to add to a collective pool of knowledge that engineers could use to make systems more secure from attack. By having as much information as possible about security flaws, engineers are less prone to make design errors.
The researchers are "white hats," meaning that they create hacks to discover how things work, and ultimately, how to remove security flaws in computer code.
The "black hats," those who sell hacks on the black market, and their customers who use the information to steal and defraud their victims, are probably happy that Volkswagen won its lawsuit. Now the black hats can sell their hacking tools for even more money.
When a hack that can be used to exploit a system is not publicly available black hats usually must pay for it. If it is in the public domain, it is not worth as much.
Ross Anderson, a security researcher at the University of Cambridge's computer laboratory department, thinks that VW's court victory to stop one security flaw from being published won't stop the bad guys from doing what they are already doing.
In the end, the court case is bad public relations for VW, Anderson wrote in an e-mail reply to questions.
"Now the world and his dog know not just that their engineering skills are less than perfect, but that the company is unpleasant and unreasonable to boot," Anderson wrote. "If they had kept quiet, then [the research paper VW stopped from being published] would have been one out of several dozen ... and would probably have got only a few column inches in obscure specialist publications."
Instead, the case was reported by the Guardian newspaper, the BBC, and other media outlets including Automotive News Europe (for the original story, click here).
You can reach Bruce Gain at

No comments: