Washington, District of Columbia 2021-09-22 10:00:40 –
September 22, 2021
Many people think of a car as a set of mechanical parts, and hopefully they will take us to a place together, but that’s not all.
Most cars these days have a network of computers called “electronic control units.” This network controls all systems and communicates with each other to keep everything running smoothly.
More than a decade ago, a team from the University of Washington and the University of California, San Diego investigated whether these computing systems could be hacked and how they affect the driver’s ability to control the car. Did. Surprisingly, and with the caution of the automaker, researchers were able to operate the car from a distance in a variety of ways, including disabling the brakes and stopping the engine. This work has opened up new areas of cybersecurity research and created two scientific treatises that have called for the awakening of the automotive industry.
Now the team Golden goose award From the American Association for the Advancement of Science. The award, in AAAS words, “looks vague, sounds” funny “, may have been a completely unexpected result at first, but in the end, by chance, a big breakthrough. It is a tribute to the federal-funded work that brought about. It had a great impact on society. The award was established in 2012 to counter criticisms of wasteful government spending, such as the late Senator William Proxmeir. Golden fleece award..
“I am honored to receive this award. Not only for us as individuals, but also for the computer security research community,” he said. Taro Kono, Paul G. Allen School of Computer Science & Engineering UW professor and one of the project leaders. “More than a decade ago, we saw the world’s devices incredibly computerized and wanted to understand what would happen if we continued to evolve without thinking about security and privacy. Sheds light on the importance of being thoughtful and strategic in understanding the issues that need to be addressed today. “
Kono and project co-leader Stephen SavageBoth professors of computer science and engineering at the University of California, San Diego were computer security researchers and frequently discussed potential future threats suitable for their research.
“It became clear to us when General Motors began advertising. OnStar service.. Yoshi and I talked, “There must be something there,” Savage said. “In addition, the impact of traditional computer vulnerabilities was fairly limited. Some data could be lost or passwords could be stolen. But internal organs in the event of a sudden car brake failure. There is no such thing as an effect. I think bridging the gap between the physical and virtual worlds made this exciting for us. “
Savage and Kono have formed a super team of researchers from both universities to delve into these questions. The team bought one pair of Chevrolet Impalas at each university to study as a representative car. The team worked cooperatively and in parallel, and the researchers led them with curiosity.
The first task was to learn the language used by the computerized components of the car to communicate with each other. The researchers then worked to inject their voice into the conversation.
For example, the team tried to influence the car by sending a random message to the car’s brake controller.
“I found a way to put the brake controller into this test mode,” he said. Kosher, A research scientist at Allen School who completed this study as a PhD student at the University of Washington. “And in test mode, we found that we could either leak the pressure in the braking system to prevent the brakes from working, or pressurize the system completely and hit the brakes.”
The team published two papers explaining the results in 2010 and 2011.
“In the first treatise, we asked what features an attacker would get if he could compromise one of the components in the car. He was hacked by connecting to the car’s internal network. I researched what I could do at times. ” Stephen CheckwayAn assistant professor of computer science at Oberlin College, who completed this study as a doctoral student at the University of California, San Diego. “In the second treatise, I looked for a way for someone to hack a car from a distance.”
In these treatises, the researchers chose not to reveal that they used Chevy Impalas and chose to contact GM personally.
“In a conversation with GM, they were pretty confused. They said,” There is no way for the brake controller to turn off the brakes. That doesn’t matter, “Savage said. “The fact that Karl took over our car remotely and allowed the manufacturer to do what the manufacturer thought was impossible reflects one of the key issues here. I was confused because I knew how the system would work. But we weren’t responsible for it. We only knew what the car actually did. “
The team’s treatise urged manufacturers to rethink car safety concerns and create new standard procedures for security practices. GM has appointed Vice President of Product Security to lead the new division. The Society for Automotive Engineers (SAE), a standards body for the automotive industry, quickly published the first automotive cybersecurity standards. Other car companies followed, as the federal government did. In 2012, the Defense Advanced Research Projects Agency was established. New government project The purpose is to create a cyber-physical system that is resistant to hacking.
“I want to think about what would happen if I didn’t do this job,” Kono said. “It’s hard to measure, but I feel that the neighboring industry has seen this work done in the automotive arena and has acted to avoid it. The question I have now is As a security researcher, what do we need to investigate today to have the same impact over the next decade? “
Daniel Anderson, Alexei Czeskis, Brian Canter, Damon McCoy, Schwetak Patel, Franziska Rosener When Hwafu Shacham I filled out the rest of the team. The study was funded by the National Science Foundation, the Air Force Science Research Office, the Legal Fellowship donated by Marilyn Fries, and the Alfred P. Sloan Research Fellowship.
Grant numbers: CNS-0963695, CNS-0963702, CNS-0722000, CNS-0831532, CNS-0846065, CNS-0905384, FA9550-08-1-0352
UW and UC San Diego researchers honored for their work discovering that someone could hack a car Source link UW and UC San Diego researchers honored for their work discovering that someone could hack a car