Please note, this hack is only applicable on Tesla cars that still have HW1 – the original autopilot hardware consisting of radar and a single camera based on the MobileEye product.
Security experts have succeeded in manipulating multiple Tesla cars into accelerating by up to 50 miles per hour. They fooled the car’s MobilEye EyeQ3 camera system by ingeniously altering the speed limit sign on the road in a manner that drivers would seldom notice.
That demonstration from McAfee’s cybersecurity firm is the latest indication that extensive machine learning may wreck autonomous driving systems. Thus, it may cause a security challenge for those aiming to commercialize the technology.
MobilEye EyeQ3 camera systems collect speed limit signs and feed the information into autonomous driving features, as explained by Shivangee Trivedi and Steve Povolny from McAfee’s Advanced Threat Research team.
Picks for you
The team stuck a tiny and almost hardly noticeable sticker on a speed limit sign. The camera reads the sign as 85 instead of 35. Both the 2016 Model S and 2016 Tesla Model X sped up 50 miles per hour.
This test is the latest in an increasing amount of research revealing how machine learning systems can be compromised and fooled in life-threatening situations.
The Attacks
Last year, researchers tricked a Tesla vehicle into veering into the wrong lane in traffic by placing stickers on the road. That adversarial attack was meant to manipulate the car’s machine learning algorithms. Povolny said:
“Why we’re studying this in advance is because you have intelligent systems that at some point in the future are going to be doing tasks that are now handled by humans. If we are not very prescient about what the attacks are and very careful about how the systems are designed, you then have a rolling fleet of interconnected computers which are one of the most impactful and enticing attack surfaces out there.”
The McAfee research finding was sent to Tesla and MobilEye EyeQ3 last year. Tesla did not comment, but Mobileye said that it does not consider tricking the camera as an attack in spite of the role that the camera plays in Tesla’s cruise control and autonomous driving.
Tesla has moved to proprietary cameras for its newer models, while MobilEye EyeQ3 has released updated versions of the camera not susceptible to the exact attack.
