
Security Highlight: Back in the Driver’s Seat

Author: Marc Witteman

This security highlight details the recent Tesla Autopilot hack, presented at the CCC conference by TU Berlin researchers.

A team from TU Berlin succeeded in breaking the Tesla Autopilot using Fault Injection. This was reported at the annual CCC conference in Berlin in December 2023. This attack gets a lot of visibility since vehicle automation is inspirational and Tesla is seen as the leading brand in this field.

The researchers obtained the autopilot box (HW3) from a recent car and initially started exploring the design and functionality. They discovered that the board uses a chip developed by Tesla, which includes multiple AI, GPU, and ARM cores. The integrity of the software is guaranteed by the Security System (SCS) which controls the secure boot process and verifies signatures of all subsequent software loaded into the Turbo chip.

The research team had developed their own microcontroller-based hardware for voltage glitching, and wanted to establish whether they could apply it to the Tesla Turbo chip. They chose the simple crowbar approach, which briefly short-circuits the power supply of a chip to inject a fault. They were lucky in that the SCS component uses its own power supply line, which could be glitched without heavy power electronics. Nevertheless, it took them several months to tune the circuitry to achieve the right analog pulse shape. For that, they had to make multiple board adjustments, which were tricky with respect to the electrical integrity and stability of the autopilot box.

The operational control software of the Autopilot runs in a hardened Linux version. The researchers came up with the idea to replace the hardened Linux with a more liberal Recovery version that would allow remote login, with the aim to retrieve Tesla software and user data from the various memories accessible to the Linux OS. Loading the weakened Linux version would be possible if the SCS were glitched as it checks the integrity of the Linux package.

To facilitate the attack, they used a serial port to monitor boot progress, as well as data transfer on the flash SPI interface, to establish the success of a glitch. With these signals, they were able to define a 25 µs time window for injecting a glitch in a chip clocked at 1.6 GHz. After countless hours of experimenting, they hit the right timing and succeeded in loading the Recovery Linux version.

Finally, they were able to extract contents from some memories and started reverse engineering this code. This was a laborious effort since proprietary formats were used, and additional software security mechanisms were in place as well. While part of the data was inaccessible due to encryption, they did succeed in extracting some proprietary Tesla IP, as well as confidential user data. As an example, they showed video fragments of irregular driver behavior that were stored in the device.

The overall attack is impressive, and the results are fascinating. However, the Fault Injection method is not. The researchers used the most basic form of Fault Injection and spent an unnecessary amount of time to tweak the setup. We assess that with modern commercial test equipment these results could be duplicated easily, and any professional hardware security lab should be able to demonstrate such problems.

It is surprising that the chip lacks protection against Fault Injection, despite the sensitivity of the application and the innovative reputation of the brand. This may be caused by the high speed of innovation where features are prioritized over quality and security. While this is understandable, we would advise automotive vendors to acknowledge the threat of Fault Injection and invest in proper security testing to reduce the risk of incidents and gain public trust.
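The weakness described above is a single integrity check that decides whether a Linux image boots; one well-timed glitch on that decision is enough. The following is an added, constructed model (not Tesla's or the researchers' code) that contrasts such a single-check boot gate with a redundantly checked one under a simplified fault model: the attacker can corrupt the outcome of exactly one verification call. The digest, image bytes and constants are placeholders, not values from the device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a boot gate like the SCS integrity check, facing an
 * attacker who can corrupt the result of exactly ONE verification call. */

#define BOOT_OK   0xA5C33C5Au  /* distant constants: flipping a few bits or   */
#define BOOT_FAIL 0x5A3CC3A5u  /* zeroing a register cannot turn one into the other */

/* Stand-in digest (FNV-1a) for a real signature check over the image. */
uint32_t image_digest(const uint8_t *img, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= img[i]; h *= 16777619u; }
    return h;
}

static int g_fault_at = -1;  /* index of the verification call the glitch hits */
static int g_calls = 0;

static int verify_image(const uint8_t *img, size_t len, uint32_t expected) {
    int ok = image_digest(img, len) == expected;
    if (g_calls++ == g_fault_at) ok = !ok;  /* simulated injected fault */
    return ok;
}

/* Single check: one successful glitch on this call loads a tampered image. */
uint32_t naive_boot(const uint8_t *img, size_t len, uint32_t expected, int fault_at) {
    g_fault_at = fault_at; g_calls = 0;
    return verify_image(img, len, expected) ? BOOT_OK : BOOT_FAIL;
}

/* Redundant check: two independent verifications must both yield BOOT_OK
 * and agree with each other; corrupting either one alone fails safe. */
uint32_t hardened_boot(const uint8_t *img, size_t len, uint32_t expected, int fault_at) {
    g_fault_at = fault_at; g_calls = 0;
    uint32_t v1 = verify_image(img, len, expected) ? BOOT_OK : BOOT_FAIL;
    uint32_t v2 = verify_image(img, len, expected) ? BOOT_OK : BOOT_FAIL;
    if (v1 != BOOT_OK || v2 != v1) return BOOT_FAIL;
    return BOOT_OK;
}

int main(void) {
    const uint8_t good[] = {0x7f, 'E', 'L', 'F', 1, 2, 3, 4};   /* constructed image */
    uint8_t bad[sizeof good];
    for (size_t i = 0; i < sizeof good; i++) bad[i] = good[i];
    bad[sizeof good - 1] ^= 0xff;                                 /* tampered last byte */
    uint32_t d = image_digest(good, sizeof good);
    printf("naive, tampered, glitch on check 0:    %s\n", naive_boot(bad, sizeof bad, d, 0) == BOOT_OK ? "BOOTS" : "refused");
    printf("hardened, tampered, glitch on check 0: %s\n", hardened_boot(bad, sizeof bad, d, 0) == BOOT_OK ? "BOOTS" : "refused");
    return 0;
}
```

A real glitch can also skip instructions or corrupt loop counters, so redundant checks are one layer; the model only shows why a lone comparison against zero is the easiest target.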
