Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

“Until we actually did the live road tests, I don’t think we were really able to say that someone could do this to a car on the road,” says Tadayoshi Kohno, an assistant professor of computer science and engineering at the University of Washington, and also a lead investigator on the project. Though some of the attacks had to be tweaked at that point, they still functioned.

It’s going to be challenging to design more secure systems for cars, Savage says, because many of the techniques commonly used to protect devices won’t transfer well. For example, it’s common for security systems to shut down computing processes when they detect abnormal behavior. In the case of an electronic braking system, however, shutting it down could be just as dangerous as allowing a corrupted program to keep running.

Savage and Kohno say they plan to work on designing new techniques for securing automotive computer systems through a newly formed Center for Automotive Embedded Systems Security. They hope to work with manufacturers and others with a stake in designing computer systems for cars to make sure their solutions are practical and easy to implement.

One striking thing about the researchers’ work is that they found many security systems that were not fully implemented, such as authentication controls that were present but not in use, says HD Moore, chief security officer at Boston company Rapid7 and chief architect of Metasploit, an open-source framework for testing systems for security holes. Moore has also tested some automotive software and found similar problems. “This gives an idea of how immature the industry is,” he says, noting that problems will likely worsen as more software extends the reach of the car’s internal network.

Kevin Fu, an assistant professor of computer science at the University of Massachusetts Amherst, agrees. “It’s probably time for a comprehensive checkup by both industry and regulators on how to provide security assurance for automotive systems with increasingly complex software controls and communication paths,” he says.

2 comments. Share your thoughts »

Credit: Center for Automotive Embedded Systems Security

Tagged: Computing, security, malware, automobiles, IEEE Symposium on Security and Privacy, Oakland conference, penetration testing

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me