A hack by a crack security team that deceived the Tesla autopilot system into moving into an oncoming lane highlights the safety concerns around self-driving vehicles but falls outside the accepted scope of attacks against autonomous vehicles, experts said.
Tesla Autopilot, also known as Enhanced Autopilot, is a driver assistance program that helps with lane centering, adaptive cruise control, self-parking, lane changing and parking.
In a recent report, Keen Security Lab, a division of Chinese conglomerate Tencent, revealed that it could gain remote control of the steering system, disturb the auto-wiper function and mislead the vehicle into entering the wrong lane with minor changes to the road.
These findings come at a time when cybersecurity and safety of self-driving vehicles and driver assist features are getting increased scrutiny from customers and regulators.
But in an emailed statement, a Tesla spokesperson said the company had either fixed problems cited in the report, or that the hack involved an artificial manipulation of the environment.
“The primary vulnerability addressed in this report [the steering system] was fixed by Tesla through a robust security update in 2017, followed by another comprehensive security update in 2018, both of which we released before this group reported this research to us.”
The rest of the findings, the spokesperson said, “are all based on scenarios in which the physical environment around the vehicle is artificially altered.”
For example, the Tencent team pasted stickers on the ground in an intersection, fooling the vehicle into thinking the stickers were an extension of a lane. When the vehicle crossed the intersection, it drove into the oncoming lane.
Since the driver can override the autopilot at any time, “that is not a realistic concern,” the spokesperson said. Drivers can also manually operate the windshield wiper settings.
Enrique Dans, an innovation consultant and professor of Information Systems at IE Business School, echoed Tesla’s assessment. “The [Tencent] findings are interesting and might merit some actions from Tesla in order to improve the vehicle’s behavior under certain circumstances,” said Dans in an email.
“However, the issue discovered by Tencent Keen Security Lab is not a bug, not a problem with the software or a limitation of the hardware, but the purposefully modification of a road, more akin to a booby trap. It would be extremely difficult to set a proper limit for this type of intervention,” Dans continued.
Keen Security Lab has helped Tesla to make previous fixes, including correcting a vulnerability that could have allowed an outsider to remotely activate a vehicle’s brakes. The team, which made Tesla’s “security researcher hall of fame” in 2016 and 2017, also pulls back the curtain on “bug bounty” hunters, security researchers who identify software problems for money.
Paying people to troubleshoot computer systems is now considered an increasingly important part of organizations’ security, said Dans, “and they are important in terms of both effectiveness and reputation.”
Tesla’s bug bounty program awards hackers up to $15,000 for identifying glitches, and the deference the auto maker shows Keen underscores just how much it relies on top-notch security experts to ensure self-driving systems are working correctly.
Although the latest Keen report did not qualify for an award, “we know it took an extraordinary amount of time, effort and skill, and we look forward to reviewing future reports from this group,” the Tesla spokesperson said,
The Tencent team stands by its conclusions. “We proved that with some physical environment decorations, we can interfere or to some extent control the vehicle without connecting to the vehicle physically or remotely,” stated the report’s conclusion.
“We hope that the potential product defects exposed by these tests can be paid attention to by the manufacturers, and improve the stability and reliability of their consumer-facing automotive products.”