NYU Tandon Professor Damon McCoy receives award for automotive cybersecurity research

NYU Tandon Computer Science and Engineering Professor Damon McCoy, Co-Director of the NYU Center for Cybersecurity (CCS), has won a USENIX Security Test of Time Award for his research showing how hackers can remotely break into cars and take control of critical systems like brakes and engines.

McCoy and his co-authors received the honor for their paper "Comprehensive Experimental Analyses of Automotive Attack Surfaces," in recognition of the research’s lasting impact on automotive cybersecurity since it was first presented at USENIX Security Symposium in 2011.

The award was announced at The 34th USENIX Security Symposium in Seattle, an annual event for experts in computer systems security and privacy. On August 14, McCoy and his co-authors will discuss their research in an Enigma Talk, presentations meant to share complex cybersecurity topics with both technical experts and broader audiences.

In their paper, McCoy, who was at University of California San Diego (UCSD) at the time, and colleagues from UCSD and the University of Washington showed that hackers could remotely break into cars through features like CD players, Bluetooth, cellular networks, and diagnostic equipment, then take control of critical functions including unlocking doors, disabling brakes, and monitoring locations and cabin audio.

"This award is a recognition for all of us on the research team," said McCoy. "At the time, the automotive industry did not know what level of access was required to compromise a vehicle's systems. We demonstrated that remote attacks were possible."

The research has influenced automotive industry security practices and the development of security standards for connected vehicles. As automobiles have become increasingly connected and autonomous, the insights from this research continue to inform cybersecurity efforts in the automotive sector.

"We're pleased to see this work continue to have an impact on automotive security," McCoy noted. "The vulnerabilities we identified represented real risks that needed attention from manufacturers and regulators."

McCoy, who joined NYU Tandon in 2014, was named NYU CCS Co-Director in 2024.

The USENIX Security Test of Time Award committee singled out the paper for its systematic approach to vulnerability analysis and its influence on both academic research and industry practices. Test of Time Awards recognize papers that have had a lasting impact on their fields, with eligibility requiring presentation at the USENIX Security Symposium at least 10 years prior.

The research team has continued their careers in academic and industry positions. The following co-authors were at UCSD at the time of the original paper: Stephen Checkoway is now Associate Professor of Computer Science at Oberlin College, Brian Kantor retired from UCSD in 2018 and passed away in 2019; Danny Anderson now runs a software consulting company; Hovav Shacham is Professor of Computer Science at The University of Texas at Austin, and Stefan Savage remains Professor of Computer Science and Engineering at UCSD. The following co-authors were at UW at the time of the paper’s publication: Karl Koscher is currently Research Scientist in Computer Science and Engineering at UW; Alexei Czeskis is SVP of Engineering at ID.me (formerly at Google); Franziska Roesner is Professor in the Paul G. Allen School of Computer Science & Engineering at UW; and Tadayoshi Kohno is currently a Professor and Chair of Computer Science at Georgetown University.

Funding for the research was provided by the National Science Foundation, the Air Force Office of Scientific Research's MURI program, and the Alfred P. Sloan Foundation.