Tesla Model 3 Spoofed off the highway – Regulus Navigation System Hack Causes Car to Turn On Its Own

So two things here that should be addressed.

The first is the attack and mitigations.

This isn’t great, but not awful. Rerouting an autopiloting car to a bad destination is the worst, and could be used to unknowingly steer cars into unsafe areas where further physical attacks can be performed. But it isn’t a hijacking; the driver still maintains control over the vehicle and can start driving normally.

A key takeaway here is that this is an inherent flaw with how GPS works. There is no fix, and the next iteration of GPS has been confirmed (Edit: Research underway) to not be addressing these issues. I dislike the use of “GNSS” in this article, because it dismisses all Global Navigational Satellite Systems as being in the exact same bucket, which they aren’t. In fact the article mentions several times that GNSS is GPS, disregarding the other 3 (4?) GNSS systems in use.

“spoofing technology poses to GNSS (global navigation satellite systems, also known as GPS) receivers”

“… Because every GNSS/GPS broadcast system can be affected by GNSS/GPS spoofing”

Galileo is nearly fully operational, and its first iteration supports both authentication and encryption capabilities to be delivered for this exact purpose. The original issue was this exact attack vector, but for Aircraft navigation rather than self-driving cars.

The second thing I’d like to address is the article and process the company used. Apart from the GNSS thing, the attack write-up was okay and I’m always a fan of pictures but…

Sending Tesla a vuln report for this is interesting (since it’s a GPS problem, not a Tesla problem), and their reply sounds about right, but then they proceeded to deliver their counterpoints to their claims in the article without allowing Tesla any feedback, which is kind of a shit thing to do. In fact a lot of the article screams alarmism, glossing over the whole “attaching an antenna to the roof” thing:

“This is the typical case in which an external attacker would try to influence the car”

Really? Stick a great big antenna on the roof and hope that nobody notices?

“dangerous” repeated multiple times throughout the article again and again, not really addressing the problem of what happens when the car drives out of range, and going against common disclosure methods by not at least providing an insight into how to fix this method (Other than some vague mentions to a “Secure GPS” system, which I’ve never heard of?) or a disclosure timeline. I’d be interested to see the original emails to AND from Tesla, I mean surely if they did all this research, which actually seems kind of expensive, and delivered it without any solutions, or just solutions not mentioned to us…

I wonder what this company sells…

https://www.regulus.com/solutions/pyramid-gnss/

Ah, so they sell anti-GPS spoofing devices and are trying to drum up alarmism to sell their product. That entire article and somehow they manage to really quickly gloss over the fact that they sell the exact product they’re trying to call Tesla out on not having. What’s the bet that the original disclosure email was a half-pitch to sell their product and they’ve released this article when Tesla said “No thanks”. I can’t even seem to find a mention on the site as to what the thing actually does, and they sure as hell don’t disclose the costs.

Edit: Did some more digging.

https://www.prnewswire.com/news-releases/regulus-cyber-solves-the-cross-industry-threat-of-gnss-gps-spoofing-attacks-by-miniaturizing-its-anti-spoofing-technology-and-introducing-it-to-the-mass-market-300773063.html

“Regulus Pyramid GNSS Receiver is a fully functional GNSS receiver, fortified with the spoofing detection capability. The receiver contains patented technology that enables it to differentiate between real GNSS signals and fake ones generated by an attacker. The Pyramid GNSS receiver is a direct replacement to any automotive GNSS receiver”

So it’s not just an additional device, they want companies to replace their entire GNSS receivers with their own “patented” blackbox receivers. Yeah, that’s a hard no from me. This is an even bigger risk than being susceptible to GPS spoofing.

And where’s the research showing the dropped signals during normal deployment? I put this receiver in my drone, how many legit signals are they dropping? Enough to cause signal interruption? Not bad for my drone, but for “Maritime” and “Aviation”, oof, that’s a hard pass.

