Voltage Glitching Puts Tesla's "Autopilot" Secrets on Display, Claim Researchers

A team of security researchers have found vulnerabilities in the "Autopilot" advanced driver assistance system (ADAS) in Tesla vehicles — using voltage glitching to extract critical data and gain root access to the system.

"Tesla's driving assistant has been subject to public scrutiny for good and bad: as accidents with its 'Full Self Driving' (FSD) technology keep making headlines, the code and data behind the onboard Autopilot system are well-protected by the car manufacturer," researchers Niclas Kühnapfel, Christian Werling, and Hans Niklas Jacob explain. "In this talk, we demonstrate our voltage-glitching attack on Tesla Autopilot, enabling us root privileges on the system."

Despite its name, Tesla's "Autopilot" is simply an advanced driver assistance system (ADAS) common to all its vehicles and running on an on-board 64-bit Arm-based computer system. Using, in its most recent incarnations, only visual inputs from on-board cameras, Autopilot performs tasks including lane-keeping, cruise control, and emergency braking — and can be upgraded at additional cost to "Enhanced Autopilot" for semi-autonomous navigation on certain road types and self parking. Full Self Driving, meanwhile, extends the system further — but has never been released outside a paid-for beta program.

"Despite using multiple cameras and Autopilot's machine learning (ML) models, accidents persist and shape FSD reporting," the researchers say of the system's apparent failings. "While the platform security of Autopilot's hardware protects the code and ML models from competitors, it also hinders third parties from accessing critical user data, e.g., onboard camera recordings and other sensor data, that could help facilitate crash investigations."

To address that, the researchers investigated the hardware — targeting its power supply through voltage-glitching attacks which allowed them to gain root-level access to the system. "The attack enables us to extract arbitrary code and user data from the system," the team claims. "Among other cryptographic keys, we extract a hardware-unique key used to authenticate Autopilot towards Tesla's 'mothership.'"

This isn't the first time the researchers have used voltage glitching to break open computing systems inside Tesla vehicles. Back in August last year the team unveiled an attack against the AMD Secure Processor (ASP) which could allow Tesla vehicle's internal identities to be cloned — easing third-party repairs while also opening the door for owners to unlock features, like the Full Self Driving (FSD) beta, for which they hadn't paid, an issue Tesla was unsurprisingly quick to resolve.

More details on the project are available in the above video, following the team's presentation at the 37th Chaos Communication Congress (37C3). Tesla has not publicly responded to the researchers' findings.