Allen School News

Karl Koscher and Ian Foster of UCSD demonstrating the latest car security flaw (Photo: Ryan Young for Wired)

UW CSE Ph.D. alum Karl Koscher, of 60 Minutes car hacking fame, is in the news once again for exposing the vulnerabilities of motor vehicle systems with a team at University of California, San Diego, where he is doing a postdoc with UCSD CSE professors and UW CSE Ph.D. alums Stefan Savage and Geoff Voelker.

This time, Karl and his fellow researchers demonstrate for Wired magazine and the USENIX security conference a new threat for motorists: common plug-in devices such as those provided by insurance firms to monitor a vehicle’s location, mileage and speed.

From the Wired article:

“Car hacking demos like last month’s over-the-internet hijacking of a Jeep have shown it’s possible for digital attackers to cross the gap between a car’s cellular-connected infotainment system and its steering and brakes. But a new piece of research suggests there may be an even easier way for hackers to wirelessly access those critical driving functions: Through an entire industry of potentially insecure, internet-enabled gadgets plugged directly into cars’ most sensitive guts….

“By sending carefully crafted SMS messages to one of those cheap dongles connected to the dashboard of a Corvette, the researchers were able to transmit commands to the car’s CAN bus—the internal network that controls its physical driving components—turning on the Corvette’s windshield wipers and even enabling or disabling its brakes.”

As Karl says, “Think twice about what you’re plugging into your car.”

Read the full article and watch a video demonstration here. Read a recent blog post on this same topic featuring Karl’s Ph.D. adviser, UW CSE professor Yoshi Kohno (who was one of the first to sound the alarm over car security), here. Read more →

Alexandra Meliou, an assistant professor at University of Massachusetts, Amherst who completed a postdoc under the guidance of UW CSE professor Dan Suciu in 2012, has earned the National Science Foundation’s prestigious CAREER award.

Alexandra’s research focuses on reverse-engineering data transformations to understand, diagnose and manipulate data. She is interested in enhancing data management systems to compute and use data provenance information to identify errors, diagnose the causes of errors, and improve data quality. Learn more about her NSF-supported project here.

(Thanks to Alexandra’s fellow UW CSE postdoc alum – and previous NSF CAREER award winner – Yuriy Brun for the tip.)

Congratulations, Alexandra! Read more →

The Wall Street Journal has a great article on UW CSE bachelor’s alum Brandon Ballinger (’06) and his new heart rate tracking app, Cardiogram. Brandon, who is currently working as a data scientist at the University of California, San Francisco, built the app to assist researchers with gathering data for UCSF’s Health eHeart study. But first, he decided to test the app on two things that are near and dear to many people’s hearts: Mexican food and Game of Thrones.

From the article:

“Anyone who follows Game of Thrones knows that few things can set your heart racing quite like Valyrian Steel. Now there’s data to prove it.

“….Mr. Ballinger built an Apple Watch app, called Cardiogram, that can track a user’s heart rate through the day. With the app, Mr. Ballinger has learned that his own heart jumps to more than 120 beats per minute when he eats a burrito.

“In the long term, he’d like people to use Cardiogram to give medical researchers new insights into how the heart works.

“Short term, he’s been playing around with Cardiogram to learn how his heart rate changes throughout the day. A few months ago, he invited 10 of Cardiogram’s early users to watch Game of Thrones. ‘It’s almost like a Nielsen ratings on a second-by-second basis,’ Ballinger said.”

Read the complete article (spoiler alert!) here. Read our previous coverage of Brandon’s exploits since graduating from CSE – like helping to solve the headache that was the original Healthcare.gov – here. You can download the Cardiogram app for Apple Watch or Android Wear here. Read more →

Pedro Domingos

UW CSE professor Pedro Domingos and Ph.D. student Abe Friesen brought home the Distinguished Paper Award from the 2015 International Joint Conference on Artificial Intelligence (IJCAI) last month in Buenos Aires.

Pedro and Abe developed a new algorithm, Recursive Decomposition into locally Independent Subspaces (RDIS), capable of solving a broad class of nonconvex optimization problems. The duo demonstrated that RDIS significantly outperforms standard optimization techniques when applied to complex problems such as protein folding and mapping three-dimensional space from two-dimensional images. By applying problem-decomposition techniques to continuous optimization problems, RDIS has the potential to advance several areas of AI research, including computer vision, machine learning and robotics.

From the UW news release:

“‘In some ways optimization is the most important problem you’ve never heard of because it turns up in all areas of science, engineering and business. But a lot of optimization problems are extremely difficult to solve because they have a huge number of variables that interact in intricate ways,’ said senior author Pedro Domingos….

Abe Friesen

“The UW optimization algorithm, known by its acronym RDIS, progressively breaks an enormously complicated problem down into smaller, more manageable chunks — a simple idea commonly used when a problem consists of yes-or-no choices, but which had not previously been applied to numeric variables. RDIS can identify variables that, once set to specific values, break a larger problem into independent subproblems.  Often, the problems are only nearly independent, but RDIS limits the error caused by treating them as fully independent.

“‘This approach is something that is very different than what people were doing before and it also does something magical, which is solve some problems exponentially faster. And anytime you can do that, that’s when you get a big win,’ said Domingos.”

Read the news release here. Read the award-winning paper, “Recursive Decomposition for Nonconvex Optimization,” here.

Congratulations to Abe and Pedro on the big win! (Pedro has been on a roll lately – this latest achievement was preceded by winning the KDD 2015 Test of Time Award, publishing a new book, The Master Algorithm, and winning the KDD 2014 Innovation Award.) Read more →

Normally, we don’t play around when it comes to cyber-security. But according to UW CSE professor Mike Ernst, playing around may be just what we need in order to better defend against hackers and cyber-criminals. BBC News reported this week on the Verigames project – part of DARPA’s Crowd Sourced Formal Verification (CSFV) program – which harnesses the power of citizen science to make software less vulnerable. Mike talked to the BBC about engaging players of casual games, including those developed at UW CSE’s Center for Game Science, to make formal software verification more efficient – and help make the world a safer place.

From the article:

“[A]s software is critical in the running of almost everything these days, from national energy networks to police drones, air traffic control systems to emergency services, formal verification is an essential process….

“The problem is that formal verification – providing mathematical proof that a piece of software is error-free – is a complex business.

“‘Formal verification is wildly expensive and very difficult,’ says Michael Ernst, a computer science professor at the University of Washington who is involved with the DARPA project.

“‘That’s because you usually need a highly skilled, highly paid software engineer to carry out the process.’”

Verigames is helping to speed up that process by enlisting a “volunteer army” of players who solve puzzle-based games that aid in the formal verification of an underlying piece of software. Other efforts to promote citizen science through gaming, led by the Center for Game Science, have been useful in advancing synthetic biology research and helping scientists to better understand diseases such as the Ebola virus and AIDS.

Read the BBC News article here. Learn more about Verigames here, and try your hand at Paradox, one of the games developed by UW CSE’s Center for Game Science, here. Read more →

UW CSE faculty member Chris Diorio, who co-founded the RFID company Impinj based on technology developed here at UW CSE and at his Ph.D. alma mater, Caltech, was named Innovator of the Year at the ACE (Annual Creativity in Electronics) Awards by the EDN Network and EE Times.

Chris was honored for “his pioneering work in advancing next-generation UHF RFID technology,” and for being a “tireless promoter of RFID’s potential since entering the industry in 2002.” In addition to his role as CEO of Impinj, Chris serves as chairman of the RAIN RFID Alliance, which promotes universal adoption of the UHF RFID technology.

Read more in this nice article about Chris’s work (and car racing!), courtesy of EDN.

Congratulations, Chris! Read more →

UW CSE professor Yoshi Kohno was quoted in this week’s big, scary story in The Washington Post on hacking and the Internet of Things, inspired by his past research on the vulnerability of motor vehicle systems.

Last fall, Yoshi and a team of students were featured in this segment that aired on 60 Minutes in which they remotely took control of a car driven around a UW parking lot (a deserted UW parking lot!) by correspondent Lesley Stahl. Recently, another team of researchers demonstrated the ability to hack into another make and model on a public highway – once again bringing the topic of motor vehicle security in an increasingly connected world to the fore.

Noting that the cars on the market today are “computers on wheels,” the article, “Hacks on the Highway,” explains what makes them so vulnerable:

“Once inside, most computer systems on modern vehicles are somehow connected, if only indirectly. Researchers who have hacked their way into computers that control dashboard displays, lighting systems or air bags have found their way to ones running transmission systems, engine cylinders and, in the most advanced cars, steering controls. Nearly all of these systems speak a common digital language, a computer protocol created in the 1980s when only motorists and their mechanics had access to critical vehicle controls….

“Scientists from the University of Washington and the University of California at San Diego reported in 2010 that, with physical access to a car, they could control almost any computerized system within it. When some critics questioned the realism of that scenario — if you were in the car, you could simply turn off the engine or hit the brakes yourself, they said — the researchers found a way to do many of the same things remotely….

“’We can do this from a thousand miles away,’ said Tadayoshi Kohno, one of the University of Washington researchers who worked on the project, published in 2011.”

The article provides an in-depth look at the factors that make automobiles vulnerable and how regulators are trying to address the threat. It is definitely worth a read if you drive a car (particularly if you drive a Jeep). Check out the full article here, our past blog post on the 60 Minutes demonstration here, and the 2011 article by The New York Times on the UW and UCSD research here. Read more →

Matt Reynolds and Shwetak Patel

Research led by UW CSE and EE professors Matt Reynolds and Shwetak Patel that will enable “command by gesture” for smartphones is the topic of a special report on human-machine interfaces in the July issue of IEEE Signal Processing Magazine. The technology, known as SideSwipe, relies on a phone’s own wireless transmissions, using small antennae to read changes in the signal caused by different hand motions.

From the article:

“Smartphones have become increasingly affordable and more widely used over the past several years. Yet smartphones and their applications are difficult to control in situations where the user lacks direct access to the touchscreen, such as while driving a car, cooking a meal, or exercising. While voice recognition technology promises a partial solution to the problem, such systems are far from foolproof and particularly unreliable in noisy environments.

“In an effort aimed at creating an alternate ‘hands off’ control technology, University of Washington researchers have created a new type of low-power wireless sensing technology that promises to allow users to ‘train’ their smartphones to recognize and respond to specific hand gestures….”

Read the full article here, and check out past CSE blog coverage of SideSwipe here and here. Read more →

UW CSE professor Franzi Roesner, graduate students Polina Charters and Tobin Holliday of UW’s DUB Group, and Susan McGregor of the Columbia Journalism School have released the results of a new study examining journalists’ computer security practices in an age of widespread data collection and surveillance.

The researchers analyzed the security habits of 15 working journalists, including how they communicate with sources and what tools and strategies they use to protect sensitive information that they receive in the course of their work. They found that the method of communication is often driven by the source rather than the journalist, and that journalists often use personal mobile devices and cloud-based systems to transmit or store information — practices which could compromise security despite the journalists’ best intentions.

From the UW news release:

“‘The way people try to bridge gaps can introduce security issues,’ said UW senior author Franziska Roesner … ‘If you use your iPhone to translate speech to text, for example, it sends that information to Apple. So if you record a sensitive conversation, you have to trust that Apple isn’t colluding with an adversary or that Apple’s security is good enough that your information is never going to be compromised …’

“’The flip side is that it’s not just a matter of giving journalists information about the right tools to use — it’s that the tools are often not usable,’ Roesner said. ‘They often fail because they’re not designed for journalists.’”

The team hopes its findings will help members of the computer security community to better understand the needs of journalists. These insights will help them to develop security solutions that protect journalist-source communications without hindering the journalistic process.

Read the full new release here and the team’s detailed findings, which will be presented at the 24^th USENIX Security Symposium next month, here. Read more →

The August issue of Scientific American profiles several new smartphone apps that help diagnose and manage disease. Among those featured in the article is ApneaApp, which was developed by UW CSE professor Shyam Gollakota, UW CSE Ph.D. student Rajalakshmi Nandakumar and Dr. Nathaniel Watson of the UW Medicine Sleep Center to enable wireless diagnosis of sleep apnea.

The article noted, “An initial laboratory trial has shown ApneaApp to be just as effective as hooking up patients to tracking instruments in a sleep clinic.” The next step will be to test the app in patients’ homes.

Read the full article in Scientific American here. Read UW’s news release and view a video demonstration of ApneaApp here and read past CSE blog coverage of the app here. Read more →