Skip to main content

Wired magazine: UW CSE’s and UCSD’s original car hack “far ahead of its time”

Karl Koscher hacking a car

UW CSE alum Karl Koscher is still hacking cars

Wired published a fascinating article today on the car industry’s slow response to security flaws revealed by the car hack led by UW CSE professor Yoshi Kohno and UCSD professor (and UW CSE Ph.D. alum) Stefan Savage five years ago. The article notes that it took the affected manufacturer, General Motors, five years to issue a fix to its millions of vehicles equipped with the OnStar system that the team demonstrated was vulnerable to attack.

From the article:

“When a pair of security researchers showed they could hack a Jeep over the Internet earlier this summer to hijack its brakes and transmission, the impact was swift and explosive….

“But when another group of researchers quietly pulled off that same automotive magic trick five years earlier, their work was answered with exactly none of those reactions….

“For nearly half a decade, millions of GM cars and trucks were vulnerable to that privately known attack, a remote exploit that targeted its OnStar dashboard computer and was capable of everything from tracking vehicles to engaging their brakes at high speed to disabling brakes altogether.

“ ‘We basically had complete control of the car except the steering,’ says [UW CSE Ph.D. alum and UCSD postdoc] Karl Koscher, one of the security researchers who helped to develop the attack. ‘Certainly it would have been better if it had been patched sooner.’ ”

The article explains how the research team chose to notify GM and federal regulators of the vulnerability, instead of publicizing it widely as was the case with more recent car hacking demonstrations. Although it took five years for GM to issue a fix, that was less an issue of negligence than of a lack of preparation industry-wide. As the article explains it:

“GM’s glacial response is partly a result of just how far ahead of its time the UCSD and UW researchers’ OnStar attack was. Their technique, described in a pair of papers in 2010 and 2011, represented a brilliant and unprecedented chain of hacker attacks integrated into a single exploit.”

Read the full article here, and view our car hacking demonstration that aired on 60 Minutes here.

Published by Kristin Osborne on September 10, 2015

Connect With #UWAllen

Paul G. Allen School of Computer Science & Engineering
University of Washington

Main Administrative Offices:
Paul G. Allen Center, Box 352350
185 E Stevens Way NE
Seattle, WA 98195-2350
Directions

Student Services:
Bill & Melinda Gates Center, Box 352355
3800 E Stevens Way NE
Seattle, WA 98195-2355

Contact us:
Main Tel: (206) 543-1695
Media Inquiries: media at cs.washington.edu
Webmaster: support at cs.washington.edu

Computer Engineering degree program accredited by ABET


Undergraduate Advising: ugrad-adviser at cs.washington.edu
Professional Master's Program Advising: masters at cs.washington.edu
Graduate (Ph.D.) Advising: grad-advising at cs.washington.edu


Copyright © 2017-2021 University of Washington - Seattle - Paul G. Allen School of Computer Science & Engineering | All Rights | Privacy | Terms