It's not every day that you get to hack into a car driven by a celebrity news correspondent--with their permission. But that's exactly what Karl Koscher, a postdoctoral fellow in the Department of Computer Science and Engineering at the Jacobs School, got to do for an episode of CBS's 60 Minutes that aired Sunday, Feb. 8.
The show was focusing on security flaws within the Internet of Things--the effort to connect appliances, computers and other devices, including cars, in a network that would make users' lives easier. Watch the full show here: http://www.cbsnews.com/news/darpa-dan-kaufman-internet-security-60-minutes/
Koscher was putting into practice knowledge accumulated over the years by researchers in the Systems and Networking group here at the Jacobs School and in the Security and Privacy Research Lab at the University of Washington. The team first presented a ground-breaking paper on the topic in May 2010 at the IEEE Symposium on Security and Privacy in Oakland, Calif. They summed up in a press release at the time:
Modern automobiles are becoming increasingly computerized — with many components controlled partially or entirely by computers and networked both internally and externally. This architecture is indeed the basis for significant advances in safety (e.g., anti-lock brakes), fuel efficiency, and convenience. However, increasing computerization also creates new risks that must be addressed as well. Our research mission is to help ensure that these future automotive systems can enjoy the benefits of a computerized architecture while providing strong assurances of safety, security, and privacy.However, the researchers were quick to point out that car owners should not panic:
Our research consists of three complementary strands: conceptual, experimental, and developmental. We conceptually evaluate the computer security landscape for potential future automobiles in order to guide our experimental and developmental research. Weexperimentally evaluate real examples of today's technologies to create informed understandings of potential computer security risks with future automobiles, as well as understandings of the challenges for overcoming those risks. We then develop new security technologies to overcome those challenges and mitigate the associated risks.
We believe that car owners today should not be overly concerned at this time. It requiressignificant sophistication to develop the capabilities described in our paper and we are unaware of any attackers who are even targeting automobiles at this time.More info about the research here: http://www.autosec.org/
However, we do believe that our work should be read as a wake-up call. While today's car owners should not be alarmed, we believe that it is time to focus squarely on addressing potential automotive security issues to ensure that future cars — with ever more sophisticated computer control and broader wireless connectivity — will be able to offer commensurately strong security guarantees as well.