While most people love the idea of autonomous vehicles, they remain nervous about giving control over to a machine. The largest hurdle facing automakers is instilling trust into customers that their self-driving cars will do the job more safely than humans ever could. They must bridge the gap of uncertainty and help shift our relationship to cars in a posthuman world.
- GPS spoofing is a real threat to autonomous car safety and security.
- Israeli-based Regulus focuses on smart-sensor security to address the hacking issue
- In doing tests Regulus revealed vulnerabilities in Tesla’s navigation system.
Eventually, we will adjust to cars taking the wheel and not think twice about getting in for a ride. So that problem, while challenging now, will fade into the background. But, there is a bigger and scarier issue that won’t ever go away. One that looms now.
In our connected, digital world, there is always the threat from hacking. No matter how secure the system claims to be, there will always be hackers who can defeat it. For example, we have our Facebook account spoofed and our financial and government institutions compromised, which exposes our personal information. It can be a nightmare trying to sort out and reclaim your identity—sometimes with the process going on for years and years.
Inherent Danger Of Autonomous Cars
Though these security breaches can cause huge and harmful disruptions to our lives, they aren’t a matter of life and death. If a hacker can spoof your GPS system and take control of your car, that’s another story. The stakes just got a lot higher.
Regulus Cyber, an Israeli-based company that deals with smart-sensor security, just revealed how vulnerable the Tesla Model S and Model 3 are to a cyberattack. In a staged demonstration, it tapped into Tesla’s navigation system and caused a test car to suddenly slow down and unexpectedly veer off the road while using Tesla’s Autopilot feature. The researchers found that its spoofing attacks on the Tesla GNSS (GPS) receiver could be achieved wirelessly and remotely.
For the test, the Regulus team drove the Tesla Model 3, which has the same navigation system as the S, with the Navigate on Autopilot feature engaged. Although the GPS was set for the car to exit the freeway in three miles, the spoof attack overrode the system and the car acted like the exit was only 500 feet away by slowing down, turning on the right turn signal and veering off the main road. Although the human driver immediately took over steering responsibilities, she couldn’t stop the car from going off the road. Very scary stuff.
Discovering An Unexpected Vulnerability
In conducting the test to show how easily Tesla’s navigation system could be spoofed, Regulus unexpectedly found another vulnerability. Apparently, there’s a link between the car’s navigation and air suspension systems, which caused the height of the car to randomly adjust while moving because the suspension system “thought” it was driving in a certain environment when it wasn’t.
Regulus used scare tactics to show how easily a semi-autonomous car could be taken over and cause dire consequences. That’s because the company says it holds the solution to avoiding spoofing with its Pyramid GNSS (GPS) technology, which detects and protects GNSS receivers against smart spoofing attacks.
By choosing to run its spoofing tests on Teslas, Regulus shrewdly picked a big and recognizable player in the autonomous car market to get attention. Interestingly, when Regulus presented its findings to Tesla, the electric car company brushed them off as not that significant.
It’s Important To Acknowledge The Problem
To sum up Tesla’s response: any product or service using a public GPS broadcast system can be susceptible to spoofing; the effect of spoofing on Tesla cars is minimal and doesn’t pose a safety risk; and, drivers can easily override Autopilot and Navigate on Autopilot and must assume responsibility for the car’s navigation.
As cars continue to take over driving duties from us, they will be ever more reliant upon the cloud. Spoofing is a real threat. Car companies need to put safeguards in place to protect their systems from attack–and respond with a laissez faire attitude. Wouldn’t you think Tesla would take the opportunity to thank Regulus and get right on correcting those identified vulnerabilities?
If Tesla doesn’t want to use Regulus in the fight against spoofing, that’s fine. Let’s hope they at least admit it’s a problem—the Regulus demonstration seems pretty convincing—and address finding a solution.