The camera system installed on certain Tesla models can be hijacked by pretty much anyone using nothing than a piece of invisible tape, with the car then instructed to accelerate by up to 50 miles per hour (over 80 kph) over the actual speed limit.
The method was discovered by a couple of security researchers at McAfee, who explained that the MobilEye EyeQ3 camera system used on older Tesla cars can be fooled to read an incorrect speed limit.
The method doesn’t require any complex technique, but only a small sticker that you can barely see and which must be applied on a regular speed limit sign on the side of a road. The researchers used a 35 mph speed limit sign for their proof of concept, demonstrating how the car can be tricked into accelerating by up to 50 mph to 85 mph.
Tesla uses MobileEye cameras to determine speed limits and then transmit information to the on-board autonomous driving system that adjusts the speed accordingly.
The McAfee researchers say their tests were successful on both the 2016 Tesla Model X and the Model S, adding that all models equipped with similar hardware are exposed to such exploits. On the other hand, newer Tesla models come with an upgraded camera system, and the McAfee researchers explain this method no longer seems to be working, albeit they do emphasize that their testing on new-generation Teslas was very limited.
Hacking machine learning systems isn’t necessarily something new, but the more concerning part is that this method can be used by pretty much anyone without the car passengers to even notice.
“In our lab tests, we had developed attacks that were resistant to change in angle, lighting and even reflectivity, knowing this would emulate real-world conditions. While these weren’t perfect, our results were relatively consistent in getting the MobilEye camera to think it was looking at a different speed limit sign than it was,” security researchers Steve Povolny and Shivangee Trivedi explain.
“The next step in our testing was to reduce the number of stickers to determine at which point they failed to cause a misclassification. As we began, we realized that the HUD continued to misclassify the speed limit sign. We continued reducing stickers from 4 adversarial stickers in the only locations possible to confuse our webcam, all the way down to a single piece of black electrical tape, approximately 2 inches long, and extending the middle of the 3 on the traffic sign.”
The issue only seems to affect early Tesla models equipped with the Tesla hardware pack 1 and mobilEye version EyeQ3, according to the research.
The findings were disclosed to Tesla and MobileEye in the fall of 2019, but both said they don’t have any “plans to address the issue on the existing platform.”
The method doesn’t require any complex technique, but only a small sticker that you can barely see and which must be applied on a regular speed limit sign on the side of a road. The researchers used a 35 mph speed limit sign for their proof of concept, demonstrating how the car can be tricked into accelerating by up to 50 mph to 85 mph.
Tesla uses MobileEye cameras to determine speed limits and then transmit information to the on-board autonomous driving system that adjusts the speed accordingly.
The McAfee researchers say their tests were successful on both the 2016 Tesla Model X and the Model S, adding that all models equipped with similar hardware are exposed to such exploits. On the other hand, newer Tesla models come with an upgraded camera system, and the McAfee researchers explain this method no longer seems to be working, albeit they do emphasize that their testing on new-generation Teslas was very limited.
Hacking machine learning systems isn’t necessarily something new, but the more concerning part is that this method can be used by pretty much anyone without the car passengers to even notice.
“In our lab tests, we had developed attacks that were resistant to change in angle, lighting and even reflectivity, knowing this would emulate real-world conditions. While these weren’t perfect, our results were relatively consistent in getting the MobilEye camera to think it was looking at a different speed limit sign than it was,” security researchers Steve Povolny and Shivangee Trivedi explain.
“The next step in our testing was to reduce the number of stickers to determine at which point they failed to cause a misclassification. As we began, we realized that the HUD continued to misclassify the speed limit sign. We continued reducing stickers from 4 adversarial stickers in the only locations possible to confuse our webcam, all the way down to a single piece of black electrical tape, approximately 2 inches long, and extending the middle of the 3 on the traffic sign.”
The issue only seems to affect early Tesla models equipped with the Tesla hardware pack 1 and mobilEye version EyeQ3, according to the research.
The findings were disclosed to Tesla and MobileEye in the fall of 2019, but both said they don’t have any “plans to address the issue on the existing platform.”