Five Years On, Car Hacking Research Still Triggering Alarms

Aug 6, 2015
Car hacking

Research dating back to 2010 in the lab of CSE Prof. Stefan Savage is still making headlines. In an article published by dozens of newspapers this week, the Associated Press reported that hackers are still able to hack automotive systems from a distance -- forcing Fiat Chrysler to become the first automaker to recall cars to patch a cybersecurity problem. It recalled 1.4 million Jeeps after a Jeep in St. Louis was hacked by "white hat" hackers using a laptop in Pittsburgh. In the AP article, CSE alumnus Yoshi Kono, who worked with Savage and continues to work on cybersecurity as a professor at the University of Washington, notes that the "adversary only needs to find one way to compromise the system, where a defender needs to protect against all ways" of hacking a car.

Professor Savage was also interviewed for the story. He praised Tesla for hiring a cybersecurity officer with power to make changes, but other automakers have been slow to act. He also noted that software can have vulnerabilities an automaker may not know about, because radios and other devices often have software owned by the outside supplier. Savage is also quoted as saying that it's difficult to isolate radios, locks and other features from computers that move and stop the car, noting that after a crash, cars are programmed to unlock their doors. He also predicts that all automakers will speed up plans for instant Internet software updates. "I'd be shocked if everyone doesn't deploy this stuff in the next few months," said Savage. "They can't afford not to."

Read the full Associated Press article.