(Guardian) Computer lecturer banned from revealing a secret algorithm that can turn any Lamborghini, Bentley or Porsche into Herbie. There goes the science (Not safe for work images in sidebar) (guardian.co.uk)
More: Obvious, algorithms, subscribers, luxury cars, University of Birmingham, computing

7638 clicks; posted to Geek on 29 Jul 2013 at 1:13 PM



 
2013-07-29 12:02:04 PM  
[i.cdn.turner.com image]

HERBIE IS MAGIC, ASSHOLE!
 
2013-07-29 12:04:42 PM  
Well it's a good thing they banned the paper, now there is no way nefarious individuals will get their hands on it and the car companies can continue business as usual.
 
2013-07-29 12:27:24 PM  
I'm all for open research and freedom and all that, but couldn't the dudes just black out the code in the paper until a fix can be put in? Maybe a fix isn't even possible, I don't know. That would be one hell of a recall.
 
2013-07-29 12:40:48 PM  
In America, they could publish it without (much) fear.   Crime Facilitating Speech is mostly legal in the US.  First Amendment, and all that.
 
2013-07-29 12:43:40 PM  
*adjusts foil fedora*
Does it work on Mercedes too?
 
2013-07-29 12:53:17 PM  
Obscurity is the new security
 
2013-07-29 12:54:10 PM  
COOTYS RAT SEMEN
 
2013-07-29 01:20:03 PM  
Thanks for the NSFW picture on the right side bar about the film Nymphomaniac.
 
2013-07-29 01:23:01 PM  

dahmers love zombie: COOTYS RAT SEMEN


MY SOCRATES NOTE
 
2013-07-29 01:33:45 PM  

bdub77: dahmers love zombie: COOTYS RAT SEMEN

MY SOCRATES NOTE


SETEC ASTRONOMY
 
2013-07-29 01:44:48 PM  
NSFW image on that page, fyi
 
2013-07-29 01:46:34 PM  

show me: bdub77: dahmers love zombie: COOTYS RAT SEMEN

MY SOCRATES NOTE

SETEC ASTRONOMY


[www.starwarped.net image]
 
2013-07-29 01:54:07 PM  

bdub77: show me: bdub77: dahmers love zombie: COOTYS RAT SEMEN

MY SOCRATES NOTE

SETEC ASTRONOMY


TOO MANY SECRETS
 
2013-07-29 01:54:56 PM  
Remember the good ol' days when someone could steal your Honda with a screwdriver?
 
2013-07-29 01:55:26 PM  

EvilEgg: Well it's a good thing they banned the paper, now there is no way nefarious individuals will get their hands on it and the car companies can continue business as usual.


I'm kind of reminded of the recent paper about how to make a better (read: more deadly and more contagious) flu virus.  On the one hand, this sort of research is necessary*.  On the other hand, maybe we shouldn't publish these things to just everybody.

*Apparently, it's a royal PITA to make new flu vaccines, so if they can make vaccines in advance for "This flu will kill you and your family" flus, this is good.
 
2013-07-29 02:00:30 PM  
 
2013-07-29 02:16:23 PM  

dittybopper: In America, they could publish it without (much) fear.   Crime Facilitating Speech is mostly legal in the US.  First Amendment, and all that.


Too bad he's in a country without freedom of speech.
 
2013-07-29 02:27:24 PM  
Mobile site does not have nsfw image

/not subby
 
2013-07-29 02:31:33 PM  
Is this really over the crypto algorithm the cars use like the article seems to suggest? Or is it actually private key codes that were extracted, and the author is confused?

If it's the algo, then that company is utterly incompetent, and should lose all their business immediately and forever. And the car manufacturers who were dumb enough to buy from them should suffer the cost of recalls to fix it. Any crypto system that relies on a secret algorithm should be assumed to be broken. Never trust cryptography that isn't open source and thoroughly vetted by cryptanalysts.
 
2013-07-29 02:32:31 PM  

tricycleracer: Remember the good ol' days when someone could steal your Honda with a screwdriver?


But nothing of value was lost in those cases.
 
2013-07-29 02:35:12 PM  

Nem Wan: dittybopper: In America, they could publish it without (much) fear.   Crime Facilitating Speech is mostly legal in the US.  First Amendment, and all that.

Too bad he's in a country without freedom of speech.


That.

They have "freedom to not be offended by others' speech" instead.

/Which personally I get, but I think it's stupid to apply the "sexual harassment problem" (that what I think is offensive is not what you think is offensive, and when I'm making the action and it's your opinion that gets me punished for that action (with no clear concrete rules to determine offensiveness beyond your opinion as of the time of the action), I'm screwed) to all speech.
//And yeah, there's some obvious stuff, but around the margins gets really iffy.
 
2013-07-29 02:43:22 PM  

tricycleracer: Remember the good ol' days when someone could steal your Honda with a screwdriver?


I can still steal your Honda with the proper application of a screwdriver.

Step 1. Stab you in the lungs with a screw driver.
Step 2. Take your keys.
Step 3. Profit.
 
2013-07-29 03:15:17 PM  

Because People in power are Stupid: Obscurity is the new security


The companies still know the flaw so they can fix it. According to TFA all they want banned from the publication are the actual universal codes. They get to publish the method so people everywhere will still know what to do to (steal/prevent stealing of) a car.

Personally I don't disagree with the judge. People would be pissed if someone published a detailed schematic of their front door key, so why not be pissed at someone publishing your car key? And while that person could change their lock, it isn't really an option to recall every single car using this particular system.
 
2013-07-29 03:17:11 PM  

4of11: Never trust cryptography that isn't open source and thoroughly vetted by cryptanalysts.


What does Superman have to do with this?
 
2013-07-29 03:35:46 PM  

DerAppie: People would be pissed if someone published a detailed schematic of their front door key, so why not be pissed at someone publishing your car key?


People should be pissed at a car-maker that evidently installs software made by Baby's First Cryptography Playset.  If I am paying fark you and your little dog Toto too dollars/pounds/euros/yen/yuan for a car, I want Super Ultra Mega Platinum security, not Lousy Half-Assed Sorta Meh Rusted Iron security.  "He published something proving my car can be taken over by a Speak-n-Spell" is not the problem;  "the car manufacturer installed security that can be taken over by a Speak-n-Spell" is the problem.
 
2013-07-29 03:43:18 PM  

phalamir: DerAppie: People would be pissed if someone published a detailed schematic of their front door key, so why not be pissed at someone publishing your car key?

People should be pissed at a car-maker that evidently installs software made by Baby's First Cryptography Playset.  If I am paying fark you and your little dog Toto too dollars/pounds/euros/yen/yuan for a car, I want Super Ultra Mega Platinum security, not Lousy Half-Assed Sorta Meh Rusted Iron security.  "He published something proving my car can be taken over by a Speak-n-Spell" is not the problem;  "the car manufacturer installed security that can be taken over by a Speak-n-Spell" is the problem.


There's 2 possible ways this could be interpreted, and it depends on which paper the guy wrote:

1) Here's a schematic of the key to your front door.
2) Here's a fairly trivial way to use a hairpin to pick the lock on your super-expensive "pick-proof" front door.

#1 is his problem (and honestly "I got my hands on the master key" isn't much of a paper unless he did it in some odd way that is in and of itself a security hole) and phalamir is correct.
#2 is the car maker's problem that their "super-duper" security could be defeated by the computer equivalent of a lockpick and DerAppie is correct.
 
2013-07-29 03:45:38 PM  

ThatBillmanGuy: bdub77: show me: bdub77: dahmers love zombie: COOTYS RAT SEMEN

MY SOCRATES NOTE

SETEC ASTRONOMY

TOO MANY SECRETS


COTE MANY TOSSER
 
2013-07-29 03:58:56 PM  

meyerkev: phalamir: DerAppie: People would be pissed if someone published a detailed schematic of their front door key, so why not be pissed at someone publishing your car key?

People should be pissed at a car-maker that evidently installs software made by Baby's First Cryptography Playset.  If I am paying fark you and your little dog Toto too dollars/pounds/euros/yen/yuan for a car, I want Super Ultra Mega Platinum security, not Lousy Half-Assed Sorta Meh Rusted Iron security.  "He published something proving my car can be taken over by a Speak-n-Spell" is not the problem;  "the car manufacturer installed security that can be taken over by a Speak-n-Spell" is the problem.

There's 2 possible ways this could be interpreted, and it depends on which paper the guy wrote:

1) Here's a schematic of the key to your front door.
2) Here's a fairly trivial way to use a hairpin to pick the lock on your super-expensive "pick-proof" front door.

#1 is his problem (and honestly "I got my hands on the master key" isn't much of a paper unless he did it in some odd way that is in and of itself a security hole) and phalamir is correct.
#2 is the car maker's problem that their "super-duper" security could be defeated by the computer equivalent of a lockpick and DerAppie is correct.


The meta-issue, though, is that we have no idea which one it is because the guy isn't allowed to publish.
 
2013-07-29 04:10:20 PM  

DerAppie: Because People in power are Stupid: Obscurity is the new security

The companies still know the flaw so they can fix it. According to TFA all they want banned from the publication are the actual universal codes. They get to publish the method so people everywhere will still know what to do to (steal/prevent stealing of) a car.

Personally I don't disagree with the judge. People would be pissed if someone published a detailed schematic of their front door key, so why not be pissed at someone publishing your car key? And while that person could change their lock, it isn't really an option to recall every single car using this particular system.


The information has been available on the Internet since 2009. Banning the paper doesn't protect Volkswagen's customers; only themselves. Personally, I would like to know what car thieves know, because that allows me to figure out if Volkswagen is actually doing anything about it.
 
2013-07-29 04:15:31 PM  

meyerkev: phalamir: DerAppie: People would be pissed if someone published a detailed schematic of their front door key, so why not be pissed at someone publishing your car key?

People should be pissed at a car-maker that evidently installs software made by Baby's First Cryptography Playset.  If I am paying fark you and your little dog Toto too dollars/pounds/euros/yen/yuan for a car, I want Super Ultra Mega Platinum security, not Lousy Half-Assed Sorta Meh Rusted Iron security.  "He published something proving my car can be taken over by a Speak-n-Spell" is not the problem;  "the car manufacturer installed security that can be taken over by a Speak-n-Spell" is the problem.

There's 2 possible ways this could be interpreted, and it depends on which paper the guy wrote:

1) Here's a schematic of the key to your front door.
2) Here's a fairly trivial way to use a hairpin to pick the lock on your super-expensive "pick-proof" front door.

#1 is his problem (and honestly "I got my hands on the master key" isn't much of a paper unless he did it in some odd way that is in and of itself a security hole) and phalamir is correct.
#2 is the car maker's problem that their "super-duper" security could be defeated by the computer equivalent of a lockpick and DerAppie is correct.


The way I read it they did number one, which gave them a code which was basically number 2. Then they wanted to publish number one and number two. Volkswagen didn't want number 2 published, which I consider to be reasonable, so they demanded it be redacted from the publication. The rest could then still be published. That way all the technical data is still available while someone with an RFID chip writer (or whatever those keys use) still needs to shell out $50k to get the data for a universal ignition key for 250k cars.
 
2013-07-29 04:25:30 PM  

DerAppie: The way I read it they did number one, which gave them a code which was basically number 2.


I'm guessing you mean #2 to #1.
 
2013-07-29 04:59:23 PM  
I was going to publish 1) wait in the bushes with a knife 2) wait for guy to open car 3) take keys 4) profit, but VW wouldn't let me.

/Crypto's really only as good as the number of whacks it takes with a rubber hose to get you to give up the password.
 
2013-07-29 05:02:44 PM  
Were this about an American being told he can't publish his paper, I'd be outraged. Because: First Amendment. But it's this guy's own fault for being British.
 
2013-07-29 05:33:32 PM  

DerAppie: Volkswagen didn't want number 2 published, which I consider to be reasonable, so they demanded it be redacted from the publication.


Then VW ought to have to front the man cash.  It is not his responsibility to look out for VW.  If he is beholden to VW's bottom line, then it is only fair he profit from VW's bottom line.
 
2013-07-29 05:35:15 PM  

Because People in power are Stupid: Obscurity is the new best security


This is an old ethos.
 
2013-07-29 05:37:22 PM  
Don't certain government agencies require that car remotes can be hacked fairly easily?  I could have sworn I heard that about Europe?
 
2013-07-29 05:45:15 PM  
".....as it could lead to the theft of millions of vehicles, a judge has ruled. "

Really?   Sounds like a bit of hyperbole to me.    I doubt that there are "millions" of vulnerable Ferraris, Lambos, and Bentleys extant.  Audis?   NFI.   But I don't think releasing this info is going to suddenly cause every single one of them to be stolen.
 
2013-07-29 05:58:37 PM  
 
2013-07-29 06:26:19 PM  
[intellihub.com image]
Of course, only the government can be trusted with that information.
 
2013-07-29 07:12:30 PM  

r1niceboy: ThatBillmanGuy: bdub77: show me: bdub77: dahmers love zombie: COOTYS RAT SEMEN

MY SOCRATES NOTE

SETEC ASTRONOMY

TOO MANY SECRETS

COTE MANY TOSSER


TOSS MY TEEN ORCA
 
2013-07-29 07:49:04 PM  
Computer lecturer banned from revealing a secret algorithm that can turn any Lamborghini, Bentley or Porsche into Herbie.

I didn't even know they had computers that lectured. I guess I'll never get to see that since they've been banned.
 
2013-07-29 07:49:23 PM  

whither_apophis: r1niceboy: ThatBillmanGuy: bdub77: show me: bdub77: dahmers love zombie: COOTYS RAT SEMEN

MY SOCRATES NOTE

SETEC ASTRONOMY

TOO MANY SECRETS

COTE MANY TOSSER

TOSS MY TEEN ORCA


SOOTY MEN'S CRATE
 
2013-07-29 07:49:31 PM  

show me: I'm all for open research and freedom and all that, but couldn't the dudes just black out the code in the paper until a fix can be put in? Maybe a fix isn't even possible, I don't know. That would be one hell of a recall.


Did anyone read the article? - "had probably used a technique called "chip slicing" which involves analysing(sic) a chip under a microscope and taking it to pieces and inferring the algorithm from the arrangement of the microscopic transistors on the chip itself"

Analysis of the hardware seems to have led to the algorithm. I'm surprised there are not more car thefts.
 
2013-07-29 08:16:36 PM  

PapaChester: Analysis of the hardware seems to have led to the algorithm. I'm surprised there are not more car thefts.


[imgs.xkcd.com image]

Or, rather, in this case:

[image.dhgate.com image]

People worry about the dumbest things when it comes to cars and their electronics. How many car thieves have the capability to analyze the arrangement of transistors on a microchip to steal a $100,000 car and how many would bother when they could steal twenty $10,000 cars by smashing a window or checking door handles in the time it takes to do it?
 
2013-07-29 08:54:58 PM  
This still works, yes?
[i.imgur.com image]
 
2013-07-29 10:31:26 PM  

4of11: Is this really over the crypto algorithm the cars use like the article seems to suggest? Or is it actually private key codes that were extracted, and the author is confused?

If it's the algo, then that company is utterly incompetent, and should lose all their business immediately and forever. And the car manufacturers who were dumb enough to buy from them should suffer the cost of recalls to fix it. Any crypto system that relies on a secret algorithm should be assumed to be broken. Never trust cryptography that isn't open source and thoroughly vetted by cryptanalysts.


It wasn't until very recently that in-car data was encrypted at all.  Data like the handshake from the module that senses the smart fob that stays in your pocket since the car is push button start.

I like tech advances but I'll stick with my good old-fashioned keys, thank you.

/also removes key fuses or relays when parking long-term
 
2013-07-29 10:40:22 PM  

wambu: This still works, yes?
[i.imgur.com image 850x590]


As long as you just want the spare change and the Creedence tapes.
 
2013-07-29 10:58:25 PM  

wambu: This still works, yes?


It works fine to get you inside the car. It is somewhat less effective in convincing the computer to turn the engine on so that you can drive away. You could directly hot-wire the starter but that won't help unless the fuel injection etc. is also active.
 
2013-07-29 11:19:06 PM  
Damnit. My car uses algorithmic keys to run the car. You can't even stick the key in the car anywhere. There are no holes. Except on the driver's side door.

/considering my car is an inexpensive one, maybe they couldn't afford this shiatty cryptography.
 
2013-07-29 11:46:34 PM  
I worked with Garcia on this paper, and since I'm living in the states we're going to release it here. The codes are...

1...

2...

3...

4...

5...

Information is freedom!
 