Enlarging the scope of cybercrime prevention
Today, cyber threats are expanding to touch almost every aspect of our lives. Desktops, laptops, tablets and even smartphones are no longer the only personal-computing technologies that are at risk. Networked microprocessors are integral parts of televisions, telephones, medical devices, the power grid, and so on. Even the automobile is, at its core, controlled by an advanced computer network. While it sounds like a James Bond plot, Dr. Stefan Savage of University of California, San Diego, has demonstrated to the automotive industry how hackers can remotely "break" into a car and take full control without leaving a single fingerprint or trace of evidence.
Whether the car is parked or while it is in transit, Dr. Savage has proven that with a stroke of a button he can activate the most mundane of operations, such as switch on the pumps for windshield-wiper fluid, or ignite and accelerate the engine, as well as deploy the brake systems while the car is motion. Just how is this even possible? Since the Clean Air Act Amendments of 1990, a federal mandate has required the addition of computers to dynamically control the fuel-oxygen mixture and hence emissions. From this innovation, computers, or in automotive parlance - Electronic Control Units (ECUs) - became indispensable in a broad range of automotive features from anti-lock brakes, to stability control, to keyless entry and so on. Over time, automobiles also gained access to a broad range of wireless communications networks, including cellular networks to support telematics features like automated crash notification, Bluetooth for hands-free calling, short-range wireless networks for keyless entry and tire-pressure measurement and various forms of digital broadcast radio for both entertainment and traffic reporting. All of these innovations, which improve safety, cost, efficiency and convenience also open the door for potential attackers.
- Dr. Savage has demonstrated that the underlying automotive computer systems and the networks that connect them are vulnerable to attack; automakers did not identify hacking as a serious concern until this research proved otherwise.
- Future scenarios for car theft and sabotage have dramatically expanded as Dr. Savage has proven that he could remotely control a vehicle from a distance of over 2,000 miles by remotely hacking into its systems.
- Although no such scenario has been officially reported by crime officials, the fact remains that this security alert for vehicles is not simply theoretical. Major automakers have joined Dr. Savage in his pursuit of constructing preventative measures that will deter future attacks.
Dr. Savage is a co-founder of the Center for Automotive Embedded Systems Security and predicts that while the risk of computer security incidents to automobiles is very low at this present time, modern automobiles are becoming increasingly computerized and thus the risk must be mitigated to prevent future human suffering and loss. Heightened sensitivity can be attributed to Dr. Savage's research which indicated that malicious commands could be erased and concealed from authorities. In other words, a vehicle could be manipulated to crash and traces of data evidence could be easily deleted. This is just one such example of the risks to human life and justice that are the dark side of the emerging "Internet of Things."
Dr. Savage is a Principal Investigator for the Center for Automotive Embedded Systems Security, and the Center for Evidence-based Security Research.
Dr. Savage is multifaceted in his research: "I'm part of the Systems & Networking and Security research groups. His interests are all over the map, ranging from the economics of e-crime, to characterizing availability, to automotive systems to routing protocols, data center virtualization and back again. He has very broad interests (i.e. try me if you have a crazy idea)".
He earned his undergraduate degree in Applied History from Carnegie Mellon University and a Ph.D. in Computer Science from the University of Washington.
Co-founder and Chief Scientist at Asta Networks (longer an active company), served on the Strategy Advisory Council of Rendition Networks (since acquired by OpsWare), helped develop some of the technology used by Netsift (since acquired by Cisco), was an advisor to Impermium (since acquired by Google) and currently advises ZeroFox and a variety of government and commercial groups.
Dr. Savage is highly interested in computer and network security. He has worked on a wide variety of cyber-security issues, including the detection of malicious URLs, exposing security concerns involved with the mysterious realm of Bitcoin, and pioneered techniques to "follow the money" for attacking the business model of various forms of online abuse such as e-mail spam.
In the News
SIGOPS Mark Weiser Award, 2013
Special Interest Group on Operating Systems (SIGOPS)