- The Enhanced Autopilot feature in Tesla Model S 75 could not distinguish a ‘fake lane’ created by the researchers.
- It was tested with a machine learning algorithm that was designed to generate adversarial examples.
Tesla’s Autopilot feature has come under the scanner after white hats tricked one of its cars to drive into a wrong lane. Security researchers from Tencent’s Keen Security Lab experimented with the lane recognition technology in the Autopilot feature and found that it could be misled with the use of lane stickers laid out on the road.
Furthermore, the researchers remotely accessed the software in Autopilot and even controlled the steering system. All of these findings were published by the researchers in a detailed report.
The big picture
- Enhanced Autopilot in Tesla Model S 75 was tested in terms of both the related hardware and software. While the software ran 2018.6.1, the hardware version was 2.5.
- The researchers devised two approaches known as ‘Eliminate Lane attack’ and ‘Fake lane attack’ to trick the Autopilot feature.
- The former approach involved disturbing lane markings to make it look blurred. However, the lane recognition technology worked well under these circumstances.
- The latter approach involved placing three square-shaped stickers at an intersection. These would serve as interference patches. The Autopilot failed to realize that these were stickers and followed a wrong lane.
- The report also covered inaccuracies found in Tesla’s Auto Wipers, as well as in the steering system.
How was the research conducted - The experts mention that adversarial examples were referred extensively to design the manipulation.
“We used an improved optimization algorithm to generate adversarial examples of the features (autowipers and lane recognition) which make decisions purely based on camera data, and successfully achieved the adversarial example attack in the physical world,” the researchers wrote.
What actions has Tesla taken?
Currently, Tesla has only acknowledged the remote access issue in the software and has fixed them with patches. However, it did not find the research credible enough since the lane attacks were performed in a controlled environment.