• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Researchers Uncover Potentially Fatal Flaw in Tesla Autopilot  

April 3, 2019 By The Editor

Security issues with connected cars are nothing new. Several years ago, researchers demonstrated that they could run a Jeep off the road after compromising the vehicle’s connected system. And last year, researchers uncovered a bug that allowed them to access the back end systems of an internet-connected vehicle management systems that could allow them to locate and unlock cars, disable their alarms and start the engines. But, according to Ars Technica, researchers from Tencent’s Keen Security Lab recently shed light on a different type of security vulnerability in a Tesla Model S 75 – one with potentially fatal consequences.

Without hacking into the car’s computing system, they were able to prove that a Tesla can be tricked into automatically changing lanes and driving into oncoming traffic. How? The researchers subtly altered the vehicle’s driving environment, placing discreet stickers across the roadway so that the Tesla’s Enhanced Autopilot feature would detect and follow the directional change in the current lane.

In the full report, the researchers explained:

“Tesla autopilot module’s lane recognition function has a good robustness in an ordinary external environment (no strong light, rain, snow, sand and dust interference), but it still doesn’t handle the situation correctly in our test scenario. This kind of attack is simple to deploy, and the materials are easy to obtain. As we talked in the previous introduction of Tesla’s lane recognition function, Tesla uses a pure computer vision solution for lane recognition, and we found in this attack experiment that the vehicle driving decision is only based on computer vision lane recognition results. Our experiments proved that this architecture has security risks and reverse lane recognition is one of the necessary functions for autonomous driving in non-closed roads. In the scene we build, if the vehicle knows that the fake lane is pointing to the reverse lane, it should ignore this fake lane and then it could avoid a traffic accident.”

Although this type of attack isn’t the result of an issue with Tesla’s software, it does highlight one of the many potential security risks presented by connected vehicles. Elon Musk himself acknowledged the research as “solid work.”

You can read more about this vulnerability in the complete write-up in Ars Technica. Learn more about connected car hacks and stay up to date on the latest security news and best practices here on Secplicity.

Share This:

Related

Filed Under: Editorial Articles, Featured Tagged With: Hacking, Infosec news, security

Comments

  1. Kristin says

    April 9, 2019 at 1:17 pm

    But the potentially fatal flaw was not enough to merit Tesla’s Bug Bounty program and was not considered a real world scenario according to Tesla’s statement since the driver could easily take back control of the car assuming they are paying attention, which they always should be. The primary vulnerability in Tesla’s autopilot system which would result in the remote control of the car was already patched 2017-2018. Not a fan of self-driving anything, but I’m sure the Wright Brothers had issues to deal with before they took first flight. If Tesla has to wait for things to be perfect, they’ll never “get off the ground”. Will be interesting to see this unfold.

    Reply
  2. Dave Purscell says

    April 19, 2019 at 12:14 pm

    Interesting article. Curious how the reverse lane recognition functions during Minnesota’s other season… Road Construction. Crossovers happen frequently (and totally confuse Google Maps when it happens). Crossovers sometime happen with little or no advance notice. Contraflow is another tool which can be used in disasters (such as hurricane evacuation) and to manage congestion.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use