Glitching car for profit: Fault injection attacks on Tesla IVI & Autopilot (HW3 and HW4) for root and more! 🚘⚡🥽👨🏻‍💻🏆
Last month, security researchers Niclas Kühnapfel, Christian Werling, Hans Niklas Jacob, and Jean-Pierre Seifert published a detailed and fascinating study of key hardware components in Tesla car computers.
Hardware in scope:
⚡ Infotainment (AMD Ryzen V1000 APU),
⚡ Autopilot (Tesla FSD chips + SCS),
⚡ Gateway (NXP MPC5748G).
For electromagnetic fault injection (EMFI) against the Tesla Gateway, the authors achieved 228 successes out of 10,000 tries (~2.28%). At a rate of three attempts per second, that works out to a successful Gateway glitch roughly every 15 seconds (!!!) while scanning the right spot and timing, just in case you thought it took days or weeks.
Please share this paper with the community, colleagues, and friends. It is an interesting study with many insights, and it also makes a strong case for why fault injection attacks are practical and effective.
More details:
Three Glitches to Rule One Car: Fault Injection Attacks on a Connected EV [PDF]: https://dl.acm.org/doi/10.1145/3708821.3710820