37C3 - Back in the Driver's Seat: Recovering Critical Data from Tesla Autopilot Using Voltage Glitch 

media.ccc.de
media.ccc.de/v/37c3-12144-bac...
Tesla's driving assistant has been subject to public scrutiny for good and bad: As accidents with its "full self-driving" (FSD) technology keep making headlines, the code and data behind the onboard Autopilot system are well-protected by the car manufacturer. In this talk, we demonstrate our voltage-glitching attack on Tesla Autopilot, which gives us root privileges on the system.
Apart from building electric vehicles, Tesla has gained a reputation for their integrated computer platform comprising a feature-rich infotainment system, remote services through Tesla's Cloud and mobile app, and, most notably, an automated driving assistant. Enabled by a dedicated arm64-based system called Autopilot, Tesla offers different levels of "self-driving". The "full self-driving" (FSD) is provided to specific customers via in-car purchases and has been subject to public discourse.
Despite using multiple cameras and Autopilot's machine learning (ML) models, accidents persist and shape FSD reporting. While the platform security of Autopilot's hardware protects the code and ML models from competitors, it also hinders third parties from accessing critical user data, e.g., onboard camera recordings and other sensor data, that could help facilitate crash investigations.
This presentation shows how we rooted Tesla Autopilot using voltage glitching. The attack enables us to extract arbitrary code and user data from the system. Among other cryptographic keys, we extract a hardware-unique key used to authenticate Autopilot towards Tesla's "mothership". Overall, our talk will shed light on Autopilot's security architecture and gaps.
Before delving into Autopilot, we successfully executed a Tesla Jailbreak of the AMD-based infotainment platform and presented our attack at BlackHat USA 2023. This achievement empowered custom modifications to the root file system and temporarily facilitated the activation of paid car features.
Niclas Kühnapfel
Christian Werling
Hans Niklas Jacob - hnj
events.ccc.de/congress/2023/h...
#37c3 #Security

Published: 28 Dec 2023

Comments: 40
@martinhow121 5 months ago
For those of us who have spent a lifetime looking after IT systems and software at an interconnect level, with no hardware access this is a fascinating insight into the low level security issues makers and maintainers have to deal with and opens up all sorts of questions on how a real Right To Repair might work in practice. Great stuff whole team.
@almc8445 5 months ago
This has nothing to do with right to repair… RtR asks for schematics and components. At best schematics reduce some tedious hardware reversing parts, but from a reversing perspective that’s not *hard* per se, it’s just slow.
@JxH 5 months ago
@almc8445 You're wrong. 'Right To Repair' includes the critical topic of 'software locks', as per Apple and John Deere and many others. Skilled technicians can repair hardware even in the absence of OEM provided schematics (they do it all the time), and they can almost always source (most) parts (perhaps used) most of the time. The issue these days is mostly SW locks, where the parts or subassemblies are SW locked. It's already the main issue.
@waifuracer6516 5 months ago
@almc8445 schematics and components are literally included in right to repair...
@casian576 5 months ago
Interesting. And, as was to be expected, the content is far removed from what the press reported.
@unknown9274 5 months ago
super interesting, thank you for the research. thanks to ccc for uploading
@JxH 5 months ago
Voltage glitching of the (credit card sized) Smart Cards was a very common attack on the Satellite TV systems (e.g. DirecTV and Dish Network) back in the 1990s; so nearly *30 years* (!) ago. Even then, it was automated via a PC's parallel or serial port, so one might leave it running while having dinner. The glitch module might try thousands, even tens of thousands, of combinations of timing and pulse before cracking the card, and presenting the channel menu. Nothing new under the Sun, eh?
@rolux4853 5 months ago
Man I know a guy that really misses his old hacked receiver
@dameanvil 4 months ago
00:32 🚗 Tesla's autopilot system and infotainment system have been rooted, and the speakers will discuss their findings.
02:59 📰 Recent Tesla autopilot news includes a recall of over 2 million vehicles and speculation about features like "Elon mode."
03:27 🧠 Overview of Tesla's digital architecture, highlighting the autopilot board's role and data storage mechanisms.
05:43 📷 Evolution of Tesla's autopilot hardware, from single-camera setups to custom FSD chips, and changes in data storage encryption.
06:50 🛡 Introduction to Tesla's custom FSD chip and its security subsystem, focusing on code verification and cryptographic signing by Tesla.
09:27 🧠 Analysis of the security subsystem, its role in firmware loading, and the importance of the certificate chain in verification.
12:32 ⚙ Explanation of fault injection attacks, specifically voltage glitching, as a method to induce faults in the security system.
14:32 📏 Identification of the power supply of the security system, focusing on voltage regulator circuits and their interruption for the glitching attack.
18:08 🛠 Description of the glitching setup, involving a Teensy microcontroller, MOSFETs, and removal of capacitors to achieve the desired voltage drop.
20:46 🔄 Timing analysis of the glitching attack, determining the critical time window for the root CA hash comparison and planning the fault injection.
23:20 🎬 Successful demonstration of the fault injection attack, glitching the system during the root CA hash comparison and achieving root access.
23:47 🚗 Successful glitch injection demonstrated using voltage drops, allowing access to Tesla Autopilot system.
25:06 📊 Autopilot utilizes various data, including camera, CAN bus, and machine learning models, creating a treasure trove for training and evaluation.
26:00 📸 Snapshot process involves monitoring incoming data for events, triggering snapshots for analysis, and uploading selected data to Tesla servers.
29:42 🔐 Authentication for connecting to Tesla's servers involves a key stored in the security subsystem, with root access enabling key extraction.
32:49 📹 Recovered video data from Autopilot system reveals seven camera angles, CAN bus data, speed, pedal positions, and GPS information.
34:01 🛑 The research demonstrates a voltage fault injection attack on Tesla's Autopilot system, posing a threat to intellectual property but also enabling analysis by third parties.
36:04 💰 The cost of obtaining the boards for hacking is mentioned, around 400 euros on eBay, with the whole board computer priced at approximately 600-800 euros.
38:33 🕰 Introducing random delays before, during, or after the glitch would make the attack harder but not necessarily prevent it.
39:10 🛑 The hash of the root of trust is checked against the embedded hash in the chip, making it challenging for existing Teslas to exchange or modify the root.
40:22 ❓ Cutting power during the certificate check process interrupts it, but exact details on the interruption mechanism are unclear.
@Gashvah 5 months ago
Very interesting, thank you very much!
@nerdworldTV 5 months ago
Front page of the FAZ from 28 December: "Trio from Berlin hacks Tesla's Autopilot" ... Someone then anonymously dropped the article into a neighbour's mailbox (apparently as a "warning"). 😅
@AlgoNudger 5 months ago
Thanks.
@StefanBerreth70 5 months ago
Segor rocks!
@PhilippDurrer 5 months ago
I'm wondering if they managed to find some way to get persistence and/or a way to activate elon mode thru the service password menu.
@attilapal3786 5 months ago
Could someone explain to me what that UART interface was and why didn't the safety core just reset the lockstepped CPUs?
@LCfreeze 4 months ago
Did they describe the payload of their attack? As far as I understood, they were spoofing the cert chain to tamper with the bootloader/autopilot linux image. But how could they change the encrypted firmware? Was part of it unencrypted and able to be replaced?
@axelurbanski2774 5 months ago
The question remains whether, given the possibility of unlocking these functions, the type approval does not become void. I also need to drop by Sektor again and work with the hot soldering iron.
@richardbatschmann1901 5 months ago
But this doesn't affect the vehicles whose infotainment is driven by an Atom processor.
@michaelnjensen 5 months ago
I don't get @06:06: the Tesla Model 3 (HW3 / HW3.5 (Highland)) has no Radar sensor at all, they are all vision only (only got cameras); it's one of the major reasons I'm getting an Audi e-tron (Q4) over a Tesla Model 3 Highland.
@michaelnjensen 5 months ago
(Unless you get an older Model 3, but even in those older cars that have a Radar sensor, it is disabled these days by Tesla)
@waifuracer6516 5 months ago
Elon said in multiple interviews that he hates radar and lidar because they "suck" compared to cameras... But in reality they don't, it's just that you have to pay royalty fees for them when you use them. Also I don't understand how anyone could say cameras are better than radar or lidar, since those two are unaffected by fog, smoke or heavy rain for example while cameras are very much affected... So it's basically just that Elon doesn't like paying the fees so they switched to cameras only...
@timop6340 5 months ago
If I have understood correctly, radar data made training their AI much harder. So they just dropped it and have cameras only. Now they'll only need to successfully build object permanence into their photo recognition algorithms so no biggie 🤣
@motionthings 5 months ago
Clap
@erikgleber6652 5 months ago
You know what I hate about our university system: I wrote a BSc and MSc thesis and none of it reached this significance and analysis. But I got an MSc for it and what did they get?
@xmine08 5 months ago
Prestige and, I'd wager, really good job prospects. You'd be surprised at the amazing engineering many companies do where the employee gets "nothing much" for it in the grand scheme.
@marcellkovacs5452 5 months ago
A BSc or MSc means nothing compared to actual experience in the field. Your degree is only relevant when you get your first job, then you can pretty much forget about it.
@notmyname1094 5 months ago
how does a voltage glitch trick the hash comparison to falsely compute "match"?
@no-cv4dx 5 months ago
Everything is ones and zeros at the end of the day. True or false. How else, without voltage/electricity/etc., would binary storage/retrieval work?
@keithharvey633 5 months ago
It doesn't have the power to do the comparison/set the register to the proper value, so it can't return true in the if()
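As an added defensive illustration (not code from the talk, from the speakers or from Tesla), the contrast between a hash check that hangs on one comparison result and a fault-hardened one: the naive form accepts the root hash on a single branch, so one corrupted result is enough, while the hardened form uses two independent accumulators, a verified loop count, and return constants that differ in many bits. The sample hash bytes are constructed stand-ins, and the random delays mentioned at 38:33 are not included.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define HASH_LEN 32
/* Return codes with many differing bits: no single bit flip turns FAIL into OK. */
#define VERIFY_OK   0x5A5AA5A5u
#define VERIFY_FAIL 0xA5A55A5Au

/* Constructed sample standing in for the root-of-trust hash embedded in the chip. */
static const uint8_t kEmbeddedRootHash[HASH_LEN] = {
    0x3b, 0x1f, 0xc8, 0x07, 0x92, 0x6e, 0xd4, 0x51, 0xaa, 0x0c, 0x7e, 0x35, 0xf1, 0x88, 0x2d, 0x60,
    0x19, 0xb7, 0x4c, 0xe3, 0x0a, 0x5d, 0x96, 0xf8, 0x21, 0x73, 0xdc, 0x4f, 0x8e, 0x12, 0xb0, 0x65 };
/* Constructed "tampered" hash: identical except for one bit in the last byte. */
static const uint8_t kTamperedRootHash[HASH_LEN] = {
    0x3b, 0x1f, 0xc8, 0x07, 0x92, 0x6e, 0xd4, 0x51, 0xaa, 0x0c, 0x7e, 0x35, 0xf1, 0x88, 0x2d, 0x60,
    0x19, 0xb7, 0x4c, 0xe3, 0x0a, 0x5d, 0x96, 0xf8, 0x21, 0x73, 0xdc, 0x4f, 0x8e, 0x12, 0xb0, 0x64 };

/* Naive check: the boot decision rests on one comparison result and one branch.
   If that single result is corrupted, a wrong hash is accepted. */
int verify_root_hash_naive(const uint8_t *computed, const uint8_t *embedded) {
    if (memcmp(computed, embedded, HASH_LEN) == 0)
        return 1;
    return 0;
}

/* Hardened check: two independent byte-wise passes in opposite directions, a loop counter
   that must show every iteration ran, and a redundant final re-check (volatile keeps the
   compiler from folding the duplicate work into a single test). */
uint32_t verify_root_hash_hardened(const uint8_t *computed, const uint8_t *embedded) {
    volatile uint8_t diff_a = 0, diff_b = 0;
    volatile size_t count = 0;
    size_t i;
    for (i = 0; i < HASH_LEN; i++) { diff_a |= (uint8_t)(computed[i] ^ embedded[i]); count++; }
    for (i = HASH_LEN; i-- > 0;)    { diff_b |= (uint8_t)(embedded[i] ^ computed[i]); count++; }
    if (count != 2 * HASH_LEN)  return VERIFY_FAIL;  /* an iteration was skipped */
    if (diff_a != 0)            return VERIFY_FAIL;
    if (diff_b != 0)            return VERIFY_FAIL;
    if ((diff_a | diff_b) != 0) return VERIFY_FAIL;  /* redundant re-check */
    return VERIFY_OK;
}

int main(void) {
    printf("tampered hash: naive=%d hardened=%s\n",
           verify_root_hash_naive(kTamperedRootHash, kEmbeddedRootHash),
           verify_root_hash_hardened(kTamperedRootHash, kEmbeddedRootHash) == VERIFY_OK ? "OK" : "FAIL");
    return 0;
}
```

A verifier built this way still needs the caller to test for VERIFY_OK explicitly (not merely "not FAIL"), so that an unexpected return value is treated as a failed check.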
@zoenagy9458 5 months ago
please upload private keys. Also what happened, why is commenting not disabled as usual?
@Alex_Vir 5 months ago
I would guess they now have the resources, or think they have to moderate the comments?
@JohnDoe-bd5sz 5 months ago
Yeah, my thinking as well: if they are root, they could get the key for the root they glitched their way to. I wonder if it is a universal key or "per board".
@sfdntk 5 months ago
The keys are hardware-specific, or at least that's what it says in the video description, so releasing the keys would be pointless.
@ReubenHorner 5 months ago
Tesla will lock the keys as soon as they are released
@marcusaurelius6607 5 months ago
very biased and technically weak talk. lost my respect for the speakers, nothing else. go do this research about german made vehicles, mercedes, vw and bmw.
@holger267 5 months ago
why would someone be offended by this?!
@wallawallabingbeng 5 months ago
lol, what's your problem with this talk? your honest faith in st. elon? 😂 "nationalistic crybaby" is what's going through my head when I read your post... nobody can actually build fully self-driving cars. not the Chinese, not the Germans, and not St. Vapeware - Mlon Eusk... 🎉🎉🎉 fully self driving is coming, next year! since when? 2016? 😂😂😂
@sfdntk 5 months ago
I agree, "technically weak" describes Tesla's terrible "autopilot" perfectly, you make a good point.
@fonesrphunny7242 5 months ago
I've yet to see a German car commercial that promises more than active parking assistance. Meanwhile, Tesla has been selling the FSD feature already and it turned out to be unreliable and dangerous. Whatever man, enjoy your spot at the very bottom of the comments.