Many people think of cars as a series of mechanical parts that — hopefully — work together to take us places, but that's not the whole story.
Inside most modern cars is a network of computers, called "electronic control units," that control all the systems and communicate with each other to keep everything rolling smoothly along.
More than 10 years ago, a team from the University of California San Diego and University of Washington investigated whether these computing systems could be hacked and how that would affect a driver's ability to control their car. To their own surprise — and to the alarm of car manufacturers — the researchers were able to manipulate the car in many ways, including disabling the brakes and stopping the engine, from a distance. This work led to two scientific papers that opened up a new area of cybersecurity research and served as a wake-up call for the automotive industry.
Now the team has received the Golden Goose Award from the American Association for the Advancement of Science. The Golden Goose Award recipients demonstrate how scientific advances resulting from foundational research can help respond to national and global challenges, often in unforeseen ways. The award, established in 2012, honors scientific studies or research that may have seemed obscure, sounded “funny,” or for which the results were totally unforeseen at the outset, but which ultimately led, often serendipitously, to major breakthroughs that have had significant societal impact.
"When General Motors started advertising its OnStar service, Yoshi and I had a conversation, saying, 'I bet there's something there,'" Savage said. "Moreover, vulnerabilities in traditional computers had fairly limited impacts. You might lose some data or get a password stolen. But nothing like the visceral effect of a car’s brakes suddenly failing. I think that bridging that gap between the physical world and the virtual one was something that made this exciting for us."
The car cybersecurity project was led by Stefan Savage and Tadayoshi Kohno, two professors of computer science at UC San Diego and the University of Washington, respectively. Kohno is a UC San Diego Ph.D. alumnus, receiving his Ph.D. in Computer Science and Engineering in 2006.
"More than 10 years ago, we saw that devices in our world were becoming incredibly computerized, and we wanted to understand what the risks might be if they continued to evolve without thought toward security and privacy,” Kohno said. “This award shines light on the importance of being thoughtful and strategic in figuring out what problems to work on today."
Savage and Kohno are both computer security researchers who often chatted about potential upcoming threats that could be good to study.
The team’s papers prompted manufacturers to rethink car safety concerns and create new standard procedures for security practices. GM ended up appointing a vice president of product security to lead a new division. The Society for Automotive Engineers (SAE), the standards body for the automotive industry, quickly issued the first automotive cybersecurity standards. Other car companies followed along, as did the federal government. In 2012, the Defense Advanced Research Projects Agency launched a new government project geared toward creating hacking-resistant, cyber–physical systems.
"I like to think about what would have happened if we hadn't done this work," Kohno said. "It is hard to measure, but I do feel that neighboring industries saw this work happening in the automotive space and then they acted to avoid it happening to them too. The question that I have now is, as security researchers, what should we be investigating today, such that we have the same impact in the next 10 years?"
Discovering vulnerabilities
Savage and Kohno formed a super-team of researchers from both universities. The team purchased a pair of Chevy Impalas — one for each university — to study as a representative car. Researchers worked collaboratively and in parallel, letting curiosity guide them.
The first task was to learn the language the cars' computerized components used to communicate with each other. Then the researchers worked to inject their own voices into the conversation.
For example, the team started sending random messages to the cars' brake controllers to try to influence them.
"We figured out ways to put the brake controller into this test mode," said Karl Koscher, a research scientist at UW, who also earned his PhD in Seattle. "And in the test mode, we found we could either leak the brake system pressure to prevent the brakes from working or keep the system fully pressurized so that it slams on the brakes."
The team published two papers in 2010 and 2011 describing the results.
"The first paper asked what capabilities an attacker would have if they were able to compromise one of the components in the car. We connected to the cars' internal networks to examine what we could do once they were hacked," said Stephen Checkoway, an assistant professor of computer science at Oberlin College who completed this research as a UC San Diego doctoral student. "The second paper explored how someone could hack the car from afar."
In these papers, the researchers chose not to unveil that they had used Chevy Impalas, and opted to contact GM privately.
"In our conversations with GM, they were quite puzzled. They said, 'There's no way to make the brake controller turn off the brakes. That's not a thing,'" Savage said. "That Karl could remotely take over our car and make it do something the manufacturer didn't think was possible reflects one of the key issues at play here. The manufacturer was hamstrung because they knew how the system was supposed to work. But we didn't have that liability. We only knew what the car actually did."
Daniel Anderson, Alexei Czeskis, Brian Kantor, Damon McCoy, Shwetak Patel, Franziska Roesner and Hovav Shacham filled out the rest of the team. This research was funded by the National Science Foundation, the Air Force Office of Scientific Research, a Marilyn Fries endowed regental fellowship and an Alfred P. Sloan research fellowship.
CSE affiliations for the team include:
- Stefan Savage, CSE professor
- Tadayoshi Kohno, CSE alumnus
- Hovav Shacham, previous CSE professor
- Stephen Checkoway, CSE alumnus
- Damon McCoy, CSE alumnus
Other award recipients
This year’s two other Golden Goose awards went to Katalin Karikó and Drew Weissman for their role in making mRNA into a medical therapy; and to V. Craig Jordan, who is known for pioneering the scientific principles behind a class of drugs called selective estrogen receptor modulators, or SERMs.
UC San Diego researchers who received the Golden Goose award in the past include Larry Smarr, former director of the California Institute for Telecommunications and Technology and a professor in the Department of Computer Science and Engineering; and Nobel laureate Roger Tsien, a professor of pharmacology, chemistry and biochemistry, who passed away in 2016.