It turns out all it takes to fool a Tesla’s camera system is a little tape.
Two security researchers managed to trick two Teslas into accelerating well past the speed limit by fooling their camera systems into misreading a speed sign.
A group of researchers has managed to trick Tesla’s first-generation Autopilot into accelerating from 35 to 85 mph with a modified speed limit sign that humans would be able to read correctly.
Researchers at McAfee Advanced Threat Research conducted the experiment.
Over the course of 18 months, the researchers explored how they could get a Tesla to misread a speed limit by messing with the vehicle’s ability to see. To make that happen, the researchers placed visual distractions like stickers and tape that could trick the car’s camera system into misreading a 35-miles-per-hour speed limit.
While the researchers successfully spoofed the camera’s reading in several different ways, they found that just a 2-inch piece of black electrical tape across the middle of the 3 in a 35 Mph speed limit sign could cause the system to read the sign as an 85 Mph sign.
In a live test with a 2016 Model S70 using an EyeQ3 camera from MobilEye, they found that, when the Tesla Automatic Cruise Control (TACC) was activated, the vehicle’s system would attempt to determine the current speed limit with help from the camera.
Ultimately, they were able to make a Tesla vehicle on Autopilot accelerate by 50 mph over the limit:
The ultimate finding here is that we were able to achieve the original goal. By making a tiny sticker-based modification to our speed limit sign, we were able to cause a targeted misclassification of the MobilEye camera on a Tesla and use it to cause the vehicle to autonomously speed up to 85 mph when reading a 35-mph sign. For safety reasons, the video demonstration shows the speed start to spike and TACC accelerate on its way to 85, but given our test conditions, we apply the brakes well before it reaches target speed. It is worth noting that this is seemingly only possible on the first implementation of TACC when the driver double taps the lever, engaging TACC. If the misclassification is successful, the autopilot engages 100% of the time. This quick demo video shows all these concepts coming together.
McAfee confirmed that it disclosed its findings to both Tesla and MobilEye before making them public:
McAfee disclosed the findings to Tesla on September 27th, 2019 and MobilEye on October 3rd, 2019. Both vendors indicated interest and were grateful for the research but have not expressed any current plans to address the issue on the existing platform. MobilEye did indicate that the more recent version(s) of the camera system address these use cases.
In previous instances of vulnerabilities being exposed by white-hat hackers, Tesla has been fairly quick to fix them.
Watch the video below for more details:
Source: AWM