Hackers reveal how to trick a Tesla into steering towards oncoming traffic

A root vulnerability and a few stickers were all it took.

Tesla Model 3 finally available but it will only sell online Tesla to slash sales force now that the Model 3 electric car is finally ready to order.

A team of hackers has managed to trick the Tesla Autopilot feature into dive-bombing into the wrong lane remotely through root control and a few stickers.

Researchers from Tencent Keen Security Lab published a report this week (.PDF) on their findings, which shows how the Tesla Autopilot system engine control unit (ECU) can be abused through root security weaknesses in software version 18.6.1 to gain remote control of a Tesla Model S steering wheel.

The team was able to dynamically inject malicious code into controlling mechanisms to remotely take control of the steering wheel from a mobile device. This device was connected to a gamepad via Bluetooth for approximate steering.

While in APC (Automatic Parking Control) mode, the researchers were able to seize control of steering at roughly 8 KM/H. When driving at high speeds, there were no limitations.

After analyzing the CAN messaging functions onboard the system, the researchers were also able to tamper with how the vehicle recognized traffic lanes.

See also: How to steal a Tesla Model S in seconds

While in Autosteer mode, the vehicle uses computer vision and camera feeds to detect and navigate these lanes, but "a potential high-risk design weakness" permitted the team to lead a Tesla car in the wrong direction.

Tencent researchers tested out their theory by applying some simple stickers to a road surface, and this confused the machine vision system enough to go AWOL and, theoretically, could be used to divert these cars into oncoming traffic.

The problem lay within the single neural network which Tesla uses to detect lanes, among other functions. Images from a camera are processed, input into the network, and output is then saved and added to a virtual map of the vehicle's surroundings.

While a controller manages the car's auto-steering decisions, the researchers created an attack scenario in which the feed images were compromised by way of three stickers on the road, which led to the car's trajectory changing.

By applying small, inconspicuous stickers to the road, the system failed to notice that the fake lane was directed towards another lane -- a scenario the team says could have serious real-world consequences.

The vulnerability and security weaknesses found by Tencent were reported to Tesla and have now been resolved. The findings were shared with attendees of Black Hat USA 2018.

"With some physical environment decorations, we can interfere or to some extent control the vehicle without connecting to the vehicle physically or remotely," the team says. "We hope that the potential product defects exposed by these tests can be paid attention to by the manufacturers, and improve the stability and reliability of their consumer-facing automotive products."

TechRepublic: How to install and use Firefox Lockbox

A Tesla spokesperson said the attack "is not a realistic concern given that a driver can easily override Autopilot at any time by using the steering wheel or brakes and should always be prepared to do so."

There is a constant flood of security concerns when it comes to our electric vehicles. IOActive research suggests that modern attack vectors can include exploits relating to Bluetooth, cellular connections, Wi-Fi, vendor interfaces, and external storage such as USB drives, with the majority of exploits on hand considered to be of "medium" severity.

CNET: New York capital hit by ransomware attack, taking services offline

When it comes to Tesla, the company is not exempt from the same security concerns -- having recently been hacked at Pwn2Own -- but the vehicle range's computer systems can also come in useful, too, beyond Autopilot. Earlier this week, the Tesla's Model 3 new Sentry Mode caught a vandal in the act while she was scratching up the car, leading to her arrest. 

Previous and related coverage