Volkswagen Spent Years Hiding This Huge Security Flaw

2 minute read

2015 may go down as the year when we all realized that our cars are vulnerable to hackers.

First we had a report from a U.S. Senator on the security risks facing new car owners, and then the news that Fiat had recalled 1.4 million cars to address security flaws. And this week a paper is being presented at the USENIX security conference in Washington, D.C., on a security flaw affecting “thousands of cars from a host of manufacturers,” according to a Bloomberg News report.

We could have known about these risks for some time, as the paper was actually written two years ago, but car makers like Volkswagen fought in court to keep the information private. According to Bloomberg:

“Keyless” car theft, which sees hackers target vulnerabilities in electronic locks and immobilizers, now accounts for 42 percent of stolen vehicles in London. BMWs and Range Rovers are particularly at-risk, police say, and can be in the hands of a technically minded criminal within 60 seconds.

Security researchers have now discovered a similar vulnerability in keyless vehicles made by several carmakers. The weakness – which affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers – was discovered in 2012, but carmakers sued the researchers to prevent them from publishing their findings.

More Must-Reads from TIME

Contact us at letters@time.com