A team from the UW and UC San Diego has received the Golden Goose Award from the American Association for the Advancement of Science. From left to right: Tadayoshi Kohno, Stephen Checkoway and Karl Koscher. (Not pictured: Stefan Savage) Photo: Mark Stone/University of Washington
Many people think of a car as a series of mechanical parts that – hopefully – work together to take us places, but that’s not the whole story.
Inside most modern cars is a network of computers, called “electronic control units,” that control all the systems and communicate with each other to keep everything rolling smoothly along.
More than 10 years ago, a team from the University of Washington and the University of California San Diego investigated whether these computing systems could be hacked and how that would affect a driver’s ability to control their car. To their own surprise – and to the alarm of car manufacturers – the researchers were able to manipulate the car in many ways, including disabling the brakes and stopping the engine, from a distance. This work led to two scientific papers that opened up a new area of cybersecurity research and served as a wake-up call for the automotive industry.
Now the team has received the Golden Goose Award from the American Association for the Advancement of Science. The award honors federally funded work that, in the words of AAAS, “may have seemed obscure, sounded ‘funny,’ or for which the results were totally unforeseen at the outset, but which ultimately led, often serendipitously, to major breakthroughs that have had significant societal impact.” The award was established in 2012 to counter criticisms of wasteful government spending, such as the late U.S. Sen. William Proxmire’s Golden Fleece Award.
“It’s an incredible honor to receive this award. Not only for us as individuals, but for the computer security research community,” said Tadayoshi Kohno, UW professor in the Paul G. Allen School of Computer Science & Engineering and one of the project leaders. “More than 10 years ago, we saw that devices in our world were becoming incredibly computerized, and we wanted to understand what the risks might be if they continued to evolve without thought toward security and privacy. This award shines light on the importance of being thoughtful and strategic in figuring out what problems to work on today.”
Kohno and project co-lead Stefan Savage, a UC San Diego professor of computer science and engineering, are both computer security researchers who often chatted about potential upcoming threats that could be good to study.
“It became apparent to us when General Motors started advertising its OnStar service. Yoshi and I had a conversation, saying, ‘I bet there’s something there,’” Savage said. “Moreover, vulnerabilities in traditional computers had fairly limited impacts. You might lose some data or get a password stolen. But nothing like the visceral effect of a car’s brakes suddenly failing. I think that bridging that gap between the physical world and the virtual one was something that made this exciting for us.”
Savage and Kohno formed a super-team of researchers from both universities to dig into these questions. The team purchased a pair of Chevy Impalas – one for each university – to study as a representative car. The team worked collaboratively and in parallel, with researchers letting curiosity guide them.
Shown here are (from left to right) Karl Koscher, Tadayoshi Kohno and Stephen Checkoway with the UW team’s Chevy Impala. Photo: Mark Stone/University of Washington
The first task was to learn the language the cars’ computerized components used to communicate with each other. Then the researchers worked to inject their own voices into the conversation.
For example, the team started sending random messages to the cars’ brake controllers to try to influence them.
“We figured out ways to put the brake controller into this test mode,” said Karl Koscher, a research scientist in the Allen School who completed this research as a UW doctoral student. “And in the test mode, we found we could either leak the brake system pressure to prevent the brakes from working or keep the system fully pressurized so that it slams on the brakes.”
The team published two papers in 2010 and 2011 describing the results.
“The first paper asked what capabilities an attacker would have if they were able to compromise one of the components in the car. We connected to the cars’ internal networks to examine what we could do once they were hacked,” said Stephen Checkoway, an assistant professor of computer science at Oberlin College who completed this research as a UC San Diego doctoral student. “The second paper explored how someone could hack the car from afar.”
In these papers, the researchers chose not to unveil that they had used Chevy Impalas, and opted to contact GM privately.
“In our conversations with GM, they were quite puzzled. They said, ‘There’s no way to make the brake controller turn off the brakes. That’s not a thing,’” Savage said. “That Karl could remotely take over our car and make it do something the manufacturer didn’t think was possible reflects one of the key issues at play here. The manufacturer was hamstrung because they knew how the system was supposed to work. But we didn’t have that liability. We only knew what the car actually did.”
Stephen Checkoway (background) and Karl Koscher (foreground) work on a computer on top of the UW’s Chevy Impala. Photo: Mark Stone/University of Washington
The team’s papers prompted manufacturers to rethink car safety concerns and create new standard procedures for security practices. GM ended up appointing a vice president of product security to lead a new division. The Society for Automotive Engineers (SAE), the standards body for the automotive industry, quickly issued the first automotive cybersecurity standards. Other car companies followed along, as did the federal government. In 2012, the Defense Advanced Research Projects Agency launched a new government project geared toward creating hacking-resistant, cyber-physical systems.
“I like to think about what would have happened if we hadn’t done this work,” Kohno said. “It is hard to measure, but I do feel that neighboring industries saw this work happening in the automotive space and then they acted to avoid it happening to them too. The question that I have now is, as security researchers, what should we be investigating today, such that we have the same impact in the next 10 years?”
Members of the automobile security research team in 2010, left to right: Stephen Checkoway, Alexei Czeskis, Karl Koscher, Franziska Roesner, Tadayoshi Kohno, Stefan Savage and Damon McCoy. (Not pictured: Danny Anderson, Shwetak Patel, and Brian Kantor) Photo: University of Washington
Daniel Anderson, Alexei Czeskis, Brian Kantor, Damon McCoy, Shwetak Patel, Franziska Roesner and Hovav Shacham filled out the rest of the team. This research was funded by the National Science Foundation, the Air Force Office of Scientific Research, a Marilyn Fries endowed regental fellowship and an Alfred P. Sloan research fellowship.