Megamos Crypto Is Broken And Your Bentley Is Gonna Get Ganked

The English High Court is trying to stop it, but it's hard to know how much authority they have over the upcoming USENIX Security Symposium. If, as I suspect, the answer is "None", then attendees to that event will be treated to a presentation on how to break the Megamos Crypto system, the RFID-based immobiliser that prevents counterfeit and physically-copied keys, to say nothing of plain old "hot-wiring" at the ignition switch, from starting the Bentley Continental GT that, apparently, uses it. Of course, some of you will have already considered that if the system is in use in the CGT, it's in use in the Phaeton, and probably the Touraeg, as well. You're right, and there are far more cars at risk than just those. A brief bit of research suggests that every VW Group product made since circa 2001 or even earlier uses the Megamos Crypto system. Porsches may also be involved. A real-world implementation of the hack that will be demonstrated a USENIX could theoretically be launched from near the car; once it's done its thing, any car thief should be able to do the whole "gone in 60 seconds" business with it. There's apparently a well-distributed hack that allows BMWs to be started and stolen once access to the OBD-II port is gained, so in this manner at least Audi is doing a solid job of catching up to the Bavarian market leaders. While the British High Court might still be naive enough in 2013 to think that this kind of knowledge can be suppressed by legal fiat, the rest of us out there might want to take some advice from Antoine Dodson: Hide your Audi, hide your Gallardo, 'cause they're stealing every one out there! from The Truth About Cars http://www.thetruthaboutcars.com

Put the internet to work for you. via Personal Recipe 680102