Slashdot Mirror

← Back to Stories (view on slashdot.org)

English High Court Bans Publication of 0-Day Threat To Auto Immobilizers

Posted by timothy on from the driving-on-the-wrong-side-would-work-too dept.

An anonymous reader writes "The High Court — England's highest civil court — has temporarily banned the publication of a scientific paper that would reveal the details of a zero day vulnerability in vehicle immobilisers and, crucially, give details of how to crack the system. Motor manufacturers argued that revealing the details of the crack would allow criminals to steal cars. Could this presage the courts getting involved in what gets posted on your local Bugzilla? It certainly means that software giants who dislike security researchers publishing the full facts on vulnerabilities might want to consider a full legal route."

3 of 168 comments (clear)

  1. How long have they known? by gman003 · · Score: 5, Interesting

    It's standard practice, when publishing about security flaws, to alert the producer of the products affected before doing so openly, only publishing when a) the hole is patched, or b) if they are ignoring the issue and refusing (or at least taking too long) to fix it.

    If they have not given the manufacturer a reasonable amount of time to fix the problem, I can understand why they're being censored - it's unnecessarily dangerous. However, if this is simply the manufacturer trying even harder to pretend the problem doesn't exist, I would of course object strenuously, and support publishing the hole because that will not only force them to get a fix out ASAP, but will punish them for taking so long.

    And, while TFA doesn't say either way on the issue, I would expect the latter, not the former.

  2. Re:that settles it by EmperorArthur · · Score: 5, Interesting

    Now here's a thought.

    Many conferences have you submit at least a rough draft of your slides/paper early in the process. So, it's already been distributed to at least a few people. I wonder what the ramifications would be for the other authors to present anyways. Or if the conference CDs will contain the slide regardless.

    --
    So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
  3. That's nothing compared to Black Hat by Animats · · Score: 5, Interesting

    Take a look at this year's Black Hat presentations. These are just the ones on vulnerabilities in embedded systems.

    • Compromising Industrial Facilities From 40 Miles Away
    • Energy Fraud and Orchestrated Blackouts: Issues with Wireless Metering Protocols (wM-Bus)
    • Exploiting Network Surveillance Cameras Like a Hollywood Hacker
    • Fact and Fiction: Defending your Medical Devices
    • Hacking, Surveilling, and Deceiving victims on Smart TV
    • Home Invasion v2.0 - Attacking Network-Controlled Hardware
    • Honey, I'm home!! - Hacking Z-Wave Home Automation Systems
    • Implantable Medical Devices: Hacking Humans
    • Let's get physical: Breaking home security systems and bypassing buildings controls
    • Out of Control: Demonstrating SCADA device exploitation
    • The SCADA That Didn't Cry Wolf- Who's Really Attacking Your ICS Devices- Part Deux!