UC San Diego computer scientist Stefan Savage and his colleagues first gave the automotive industry a wake-up call when they published research demonstrating the ability to hack a car’s computer system in 2010.
This research, and the resulting academic paper, was honored with the Test of Time Award at this year’s IEEE Symposium on Security and Privacy for its broad and lasting impact.
“This effort alerted the automotive sector that security needed to become a top priority,” Savage said. “When we showed up it was not considered a critical function by any automaker or the U.S. Department of Transportation. All of that changed remarkably quickly as a result of our work.”
In the decade since the paper was first published, it has spawned new automotive security standards and organizations, government programs focused on vehicular cybersecurity, dozens of automotive security startups, countless follow-on research efforts and, most importantly, a pervasive focus on product security by major automakers around the globe.
Identifying Security Risks in Cars
In the 2010 paper, titled Experimental Security Analysis of a Modern Automobile, Savage and colleagues at UC San Diego and the University of Washington demonstrated the ability to hack
With their eye-opening results in hand, and prior to publishing them, one of the first things the researchers did was reach out directly to the automotive industry. Their goal was to alert industry to the vulnerabilities and form lasting partnerships that would ultimately enhance the safety, security, and privacy of millions of cars on the road.
“We observed that this was an industry-wide issue and not specific to a particular manufacturer,” said Tadayoshi Kohno, a…