Hackers Do the Dirty to Another Tesla Model 3

by Matt Posky

It’s Elon Musk’s birthday today, so we’ve decided to wish him well and say congratulations on Tesla Motors convincing the U.S. Commerce Department to waive the 10 percent tariff on imported aluminum so it can build more battery cells at the company’s Nevada Gigafactory. However, what would birthday well-wishing be without the all-important pinch to grow an inch?

Another Model 3 has been hacked, this time without the manufacturer’s blessing. We’re equating it to a mild goosing. Regulus Cyber, a company specializing in digital security, decided to give the Tesla (and a Model S) a shakedown by seeing if they could fool the car’s navigational equipment and upset/confuse Autopilot to the point of failure.

Let’s see how they did.

According to Bloomberg, the company purchased some readily available electronics equipment and got to work. Regulus Cyber’s own account said these items were a $150 Analog Devices ADALM-PLUTO Active Learning Module (for jamming) and a $400 Nuand bladeRF (for spoofing), both of which you can buy online with a valid credit card.

The plan was simple: jam the car’s reception of the legitimate GPS signal, then spoof the system with falsified data. In the test, Regulus claimed it was able to trick the car into pulling off the highway. While cruising to a previously established location using Autopilot, the firm said it swapped in garbage GPS information that redirected the vehicle to a point 150 meters before an exit it was originally supposed to take.

“The exact moment that the [Model 3] was spoofed to the new location, it passed a dotted white line on it’s [sic] right hand side, leading to a small road into an emergency pit stop,” Regulus said. “Although the car was a few miles away from the planned exit when the spoofing attack began, the car reacted as if the exit was just 500 feet away — slowing down from 60 MPH to 24 KPH, activating the right turn signal, and making a right turn off the main road into the emergency pit stop. During the sudden turn the driver was with his hands on his lap since he was not prepared for this turn to happen so fast and by the time he grabbed the wheel and regained manual control, it was too late to attempt to maneuver back to the highway safely.”

The team set up the Model 3 and affixed a small antenna to the roof in order to simulate an outside attack. While the company claimed spoofing attacks on the Tesla GNSS/GPS receiver could easily be carried out wirelessly and remotely, it said the roof-mounted wire was put in place to ensure no nearby vehicles would be impacted by the test.
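
A defensive cross-check against the kind of position jump described above, as an added example (not Regulus Cyber's or Tesla's code): it compares how far consecutive GNSS fixes moved with how far the wheel-speed reading says the car could have driven. The tuple layout, thresholds and sample track are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0
M_PER_DEG_LAT = 111_195.0   # metres per degree of latitude (approximate)
MPS_60MPH = 26.8224         # 60 mph in metres per second

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def implausible_fixes(fixes, slack_m=25.0, speed_margin=1.2):
    """Flag fixes that moved farther than wheel speed allows.

    fixes: list of (t_seconds, lat_deg, lon_deg, wheel_speed_mps).
    Returns a list of (index, gnss_metres, allowed_metres).
    """
    flagged = []
    for i in range(1, len(fixes)):
        t0, lat0, lon0, v0 = fixes[i - 1]
        t1, lat1, lon1, v1 = fixes[i]
        dt = t1 - t0
        if dt <= 0:
            # Time going backwards is itself a reason to distrust the fix.
            flagged.append((i, None, 0))
            continue
        gnss_m = haversine_m(lat0, lon0, lat1, lon1)
        # Upper bound on distance actually driven, with GNSS-noise slack.
        allowed_m = max(v0, v1) * dt * speed_margin + slack_m
        if gnss_m > allowed_m:
            flagged.append((i, round(gnss_m), round(allowed_m)))
    return flagged

def constructed_track(jump_m=4800.0, jump_at=4, n=8):
    """Constructed sample: 1 Hz fixes heading north at 60 mph, with the
    reported position thrown jump_m metres ahead at fix number jump_at."""
    fixes, lat = [], 32.0
    for t in range(n):
        if t == jump_at:
            lat += jump_m / M_PER_DEG_LAT
        fixes.append((float(t), lat, 34.8, MPS_60MPH))
        lat += MPS_60MPH / M_PER_DEG_LAT
    return fixes

if __name__ == "__main__":
    for idx, gnss_m, allowed_m in implausible_fixes(constructed_track()):
        print(f"fix {idx}: GNSS moved {gnss_m} m, wheel speed allows {allowed_m} m")
```

Only the discontinuity itself is flagged: the fixes after the jump agree with each other, and a position that is dragged away gradually stays under the bound, so a check like this is one layer alongside receiver-level and map-matching defenses rather than a complete answer.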

Tesla dismissed these assertions, suggesting that Regulus Cyber had orchestrated the test as a marketing ploy. “These marketing claims are simply a for-profit company’s attempt to use Tesla’s name to mislead the public into thinking there is a problem that would require the purchase of this company’s product,” a Tesla spokesperson said. “That is simply not the case. Safety is our top priority, and we do not have any safety concerns related to these claims.”

The automaker also spoke to Regulus directly, saying that “any product or service that uses the public GPS broadcast system can be affected by GPS spoofing, which is why this kind of attack is considered a federal crime. Even though this research doesn’t demonstrate any Tesla-specific vulnerabilities, that hasn’t stopped us from taking steps to introduce safeguards in the future which we believe will make our products more secure against these kinds of attacks.”

While the test certainly did get Regulus Cyber into the news, and it has a follow-up webinar planned for next month, Tesla’s commitment to safety needs some additional context. Multiple consumer advocacy and automotive safety groups have been critical of Tesla’s Autopilot function for possessing a “misleading” name. The issue has only gotten worse following several fatal incidents involving the system.

Since then, the automaker has tried to be more clear about what the semi-autonomous technology within its vehicles can actually do and updated Autopilot to encourage people to keep their hands on the wheel. It also runs a “bug bounty program” that rewards white-hat hackers who expose vulnerabilities. However, that appears to be what Regulus Cyber set out to do. Where’s their cash prize?

Perhaps they don’t deserve one. While the subject of this test happened to be a Model 3, it’s not as though they’re the only vehicles that could be impacted by GPS manipulation. Any connected car with advanced driving aids could be, ahem, taken for a ride — so to speak. And so could everyday folks with a bad sense of direction that indisputably trust their GPS.

From Bloomberg:

In a 2018 paper winkingly titled “All Your GPS Are Belong to Us: Towards Stealthy Manipulation of Road Navigation Systems,” researchers demonstrated the possibility that spoofing — substituting pirate signals for those of a GPS satellite — could stealthily send you to the wrong destination.

While they note the threat of GPS spoofing has been discussed as far back as 2001, and that spoofing has been shown to work in other contexts, their experiment was the first to test road navigation systems. The researchers used real drivers behind the wheel of a car that was being told to go to the wrong place.

Some 38 out of 40 participants followed the illicit signals, the researchers said.

“The problem is critical, considering that navigation systems are actively used by billions of drivers on the road and play a key role in autonomous vehicles,” wrote the authors, who hail from Virginia Tech, the University of Electronic Science and Technology of China and Microsoft Research.

While it’s been absolutely proven that Teslas (and most other modern cars) can be hacked, the severity of these events varies quite a bit. Tesla Motors was critical of Regulus Cyber’s use of a small antenna fixed to the car to conduct its test, suggesting that it would be overkill for someone attempting a malicious act, and added that the car did not behave in an unsafe manner after being hacked. There were also gripes over how Navigate on Autopilot was not entirely susceptible to the attack, as it doesn’t use GPS and map data for all functions. A Model S, which was similarly tested, proved more resilient to spoofing attacks — with researchers only able to upset its adjustable suspension.

The security team refuted these claims, saying that trust must be earned by all manufacturers and expressing fears that cyber attacks will become increasingly dangerous as more cars are networked. It also scoffed at Tesla’s mention of future safeguards, saying that there’s an issue needing to be solved today.

“The more GPS data is leveraged in automated driver assistance systems, the stronger and more unpredictable the effects of spoofing becomes,” said Yoav Zangvil, Regulus Cyber CTO and co-founder. “The fact that spoofing causes unforeseen results like unintentional acceleration and deceleration, as we’ve shown, clearly demonstrates that GNSS spoofing raises a safety issue that must be addressed … In addition, the spoofing attack made the car engage in a physical maneuver off the road, providing a dire glimpse into the troubled future of autonomous cars that would have to rely on un-secure GNSS for navigation and decision-making.”

[Images: Regulus Cyber]

  • TrooperII on Jun 30, 2019

    Why does anyone even listen to Musk anymore? He's the best snake oil salesman maybe ever, but that's what he is. Billions in VC and no oversight and now Tesla is circling the drain while he's busy boring tunnels. This after the "revolutionary" "new" transit system, Hyperloop. That was another idea that was patented 100 years ago. Landing launch vehicles on barges? A little company named Grumman was doing that in the 60's. Yet everyone thinks these are some kind of new technologies. Easily verifiable facts. Then he ham-handedly tries to manipulate the stock price. He's no brainiac.

    • 28-Cars-Later on Jul 02, 2019

      @SCE to AUX The poster child for Agenda 21 is TBTF. Watch.

  • SuperCarEnthusiast on Jul 01, 2019

    Modern day technique for hijacking or possibly kidnapping the occupants!

    • Vulpine on Jul 02, 2019

      If the driver is at all attentive, the method simply wouldn't work. The vehicle simply starting to slow down early as described in the article would have been enough for me to take over control at least until I could figure out why it did so. I certainly wouldn't have let it even start the turn itself when the car is clearly well short of the intended exit.
