UCSD cybersleuth gets award for exposing how hackers can take control of cars

Work by UC San Diego computer scientist Stefan Savage and collaborators in 2009-11 led General Motors to update software in its vehicles.
(Erik Jepsen / Courtesy of UC San Diego)

Stefan Savage and colleagues remotely disabled the brakes on a moving Chevrolet Impala. Now the American Association for the Advancement of Science has given them a Golden Goose Award.

It’s not possible for hackers to remotely take control of moving automobiles like they did in the 2017 movie “The Fate of the Furious.” That’s just Hollywood magic, right?

Actually, UC San Diego computer scientist Stefan Savage and his collaborators pulled off the feat years earlier, and they disabled the car’s brakes to boot.

It was part of a groundbreaking series of experiments that revealed a little-understood truth — cars and trucks are susceptible to potentially dangerous cyberattacks. The automotive industry responded with quick, but not foolproof, design changes.

The American Association for the Advancement of Science recognized the importance of the discovery, giving Savage and three of his collaborators a Golden Goose Award last month. The coveted honor goes to federally funded research that broadly benefits society.

Washington, D.C.-based AAAS — the nation’s largest scientific society — also gave the award to two researchers who helped pioneer mRNA-based vaccines and to a scholar who is known as the “father” of the anti-cancer drug tamoxifen.

Savage is the third UCSD professor to win a Golden Goose since 2012. His predecessors include late Nobel laureate Roger Tsien, who helped discover and develop fluorescent proteins that are useful in medicine, and Larry Smarr, the lead author of a proposal that led the government to place supercomputer centers at American universities, including UCSD.

The Golden Goose is different from many awards. AAAS says it focuses on scientists who are doing research on relatively obscure subjects that might even “sound funny” to outsiders but potentially have big payoffs.

That describes what Savage was doing in 2009, when he and collaborators at the University of Washington decided to use discretionary money to buy two new Chevrolet Impalas that featured OnStar, a cellular-based in-vehicle service that provides roadside assistance.

At the time, it was not widely believed that cars were broadly susceptible to cyberattacks. And services like OnStar were viewed by many people as simple features rather than sensitive computer systems.

That sounded odd to Savage and fellow awardees Stephen Checkoway, Tadayoshi Kohno and Karl Koscher, though they weren’t exactly experts on the subject.

“We had no idea how cars were actually manufactured or how much computing was there,” said Savage, 52, who was born in Paris and grew up in New York City.

“We had seen some OnStar commercials. So we knew that something was likely there. But there were no automotive people on this team. We educated ourselves basically by buying these cars and ripping them apart.”

As a child, Savage owned a TRS-80 Model III, one of the first mass-market home computers. And he took a lot of computer science courses at Carnegie Mellon University in Pittsburgh. So his curiosity was natural. And it paid off.

The team quickly learned that there were a lot of bugs in the cars’ computer systems, partly because they had not gone through the sort of exhaustive security testing that was common with personal computers, Savage said.

He added that it would have been hard for engineers to persuade their companies to invest millions “to keep the pink elephants away, because we’re not getting attacked. ... The automobile industry is incredibly cost-driven.”

The team members went on to decode and exploit the cars’ computer software. Initially, they were able to do simple things like control blinker lights. They worked their way up, eventually finding a way to remotely disable the brakes.

In early 2010, they took one of the cars to a decommissioned airport two hours north of Seattle for testing. Alexei Czeskis, a University of Washington graduate student, signed a death waiver and got behind the wheel because the Impala needed to be steered.

Once the car was in motion, the scientists soon proved that they could disable its brakes and re-engage them.

That wasn’t the only revelation.

During a different experiment, Checkoway, who earned his doctorate at UCSD, used cellular service in La Jolla to see if he could access the microphone inside the test car in Washington. The answer was yes. And, unexpectedly, he discovered that he also could listen in as researchers talked as they worked on the car.

The collective work by the researchers in La Jolla and Seattle led to the publication of landmark papers in 2010 and 2011 that shook the auto industry, notably General Motors, which makes the Impala. The scientists didn’t identify what brand of car they used in their testing, but they privately shared their data with the carmaker.

“We made a point of trying not to be adversarial,” Savage said. “We pursued a relationship and worked with GM, which updated its software.”

He’s had a lot of headline-raising breakthroughs since then, including research in 2014 that revealed that hackers could break into some of the apps and wireless devices used by private pilots. It raised the possibility that a hacker could intentionally provide a pilot with incorrect information about where his or her plane is in relation to others.

Savage’s research earned him a MacArthur Foundation “genius grant” in 2017. The award came with a no-strings-attached gift of $625,000, paid out over five years.

The money hasn’t driven him out of the lab. He’s at work on many projects, including studying how the computer systems of Boeing 737 jetliners could be exploited by hackers.

“Technology can be a medium for conflict,” Savage said. “The question is, does that conflict represent an imminent peril for someone who drives a car or, not so much, flies a plane?

“I’m a big believer that you should get out ahead of that stuff instead of waiting until it causes a crisis.”

— La Jolla Light staff contributed to this report.