Slashdot Mirror

← Back to Stories (view on slashdot.org)

English High Court Bans Publication of 0-Day Threat To Auto Immobilizers

Posted by timothy on from the driving-on-the-wrong-side-would-work-too dept.

An anonymous reader writes "The High Court — England's highest civil court — has temporarily banned the publication of a scientific paper that would reveal the details of a zero day vulnerability in vehicle immobilisers and, crucially, give details of how to crack the system. Motor manufacturers argued that revealing the details of the crack would allow criminals to steal cars. Could this presage the courts getting involved in what gets posted on your local Bugzilla? It certainly means that software giants who dislike security researchers publishing the full facts on vulnerabilities might want to consider a full legal route."

7 of 168 comments (clear)

  1. that settles it by frovingslosh · · Score: 5, Insightful

    It sure is a good thing that England controls the entire Internet and that no one anywhere will be able to publish this information now.

    --
    I'm an American. I love this country and the freedoms that we used to have.
    1. Re:that settles it by gagol · · Score: 5, Insightful

      Not only that, if I had a recent vehicle, I would want to get the exploit public so the car manufacturer have an incentive to ACTUALLY FIX the problem.

      --
      Tomorrow is another day...
    2. Re:that settles it by bill_mcgonigle · · Score: 5, Insightful

      It sure is a good thing that England controls the entire Internet

      Not just the Internet - this action is curious because of jurisdiction. USENIX is in Washington, DC in a few weeks. Volkswagen is German. One of the authors is in the UK, but the other two are in the Netherlands.

      So, the action must be specifically targeting this one author. Weird - it's an accepted paper and the other two authors were obviously planning to present. I guess they won't be going through Heathrow.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:that settles it by meerling · · Score: 5, Insightful

      I suspect the criminals don't want that. They probably want to keep the info under wraps for as long as possible so the manufacturer has little incentive to fix it while they continue to use it for their illicit advantage.

      Ok, so it wouldn't be your local thug on the corner, but there are some criminal groups that pride themselves on using the 'slick' methods.

    4. Re:that settles it by Opportunist · · Score: 5, Insightful

      Not only that, but to have a claim against insurance when (not if) this blows.

      It would certainly not be the first time that an insurance refuses a claim because "this can't happen". You have NO idea how long it took insurances to accept that certain locks can (despite any claims from manufacturers) be picked without damaging the lock. Manufacturer said it can't be, so people who made an insurance claim after being robbed actually had to face charges of insurance fraud.

      It is VITAL that not only manufacturers but also insurances get this information!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. not even until fix, until a full hearing by raymorris · · Score: 5, Insightful

    Generally temporary injunctions like this are just until there is a full hearing. Volkswagen will probably have a fix in place by then, but the main purpose is to avoid doing irreversible damage until there can be a full hearing on the facts.

    A temporary injunction is common in many types of cases and in no way indicates the court's opinion on the substantive issues. It's simply a recognition that they can't unpublish the information, so they need to wait until a decision is made before they publish. The same is often done with property disputes such as divorces. A temporary injunction orders both parties not to sell or otherwise dispose of the property until a decision is made as to ownership.

    Ps - I don't care for the injunction. I would have preferred that the court hint at whether they think the case has merit, then let the researcher decide whether to release the information immediately, risking a successful suit for damages. The injunction, as a prior restraint on speech, is censorship. Still, it's best not to exaggerate the effect of the or intent of the injunction.

  3. Re:this should be standard by frovingslosh · · Score: 5, Insightful

    On the other hand, as these researchers learned, if you notify the company, they can get a court order against you. If you let the cat out of the bag without notifying them them, they can't really stop you. And if you figured it out, there is a good chance that the company knows about it already anyway. They simply don't have any incentive to correct it unless they know that the general public knows about it too.

    --
    I'm an American. I love this country and the freedoms that we used to have.