1
Abstract
Keen Security Lab has maintained the security research work on Tesla vehicle and
shared our research results on Black Hat USA 2017
[1]
and 2018
[2]
in a row. Based on
the ROOT privilege of the APE (Tesla Autopilot ECU, software version 18.6.1), we
did some further interesting research work on this module. We analyzed the CAN
messaging functions of APE, and successfully got remote control of the steering
system in a contact-less way. We used an improved optimization algorithm to generate
adversarial examples of the features (autowipers and lane recognition) which make
decisions purely based on camera data, and successfully achieved the adversarial
example attack in the physical world. In addition, we also found a potential high-risk
design weakness of the lane recognition when the vehicle is in Autosteer mode. The
whole article is divided into four parts: first a brief introduction of Autopilot, after that
we will introduce how to send control commands from APE to control the steering
system when the car is driving. In the last two sections, we will introduce the
implementation details of the autowipers and lane recognition features, as well as our
adversarial example attacking methods in the physical world.
In our research, we believe that we made three creative contributions:
1. We proved that we can remotely gain the root privilege of APE and control the
steering system.
2. We proved that we can disturb the autowipers function by using adversarial
examples in the physical world.
3. We proved that we can mislead the Tesla car into the reverse lane with minor
changes on the road.
Research Target
The hardware and software versions of our research target are listed below:
Vehicle Autopilot Hardware Software
TESLA MODEL S 75 2.5 2018.6.1
Background
On Black Hat USA 2018, we demonstrated a remote attack chain to break into the
Tesla APE Module (ver 17.17.4). Here is a brief summary of our remote attack chain,
the attack chain has been fixed after we reported to Tesla, and more details can be
