Claims of Tesla hack wide of the mark—we dig into GNSS hacking

This Tesla hack is plausible, but its implications were wildly overstated.

Jim Salter
– 6/22/2019, 4:00 PM

On Wednesday of this week, an Israeli firm called Regulus Cyber issued a press release stating that “spoofing attacks on the Tesla GNSS (GPS) receiver could easily be carried out wirelessly and remotely.” In the firm’s demonstration attack on a Model 3, “the car reacted as if the exit was just 500 feet away—abruptly slowing down, activating the right turn signal, and making a sharp turn off the main road,” according to Regulus. “The driver immediately took manual control but couldn’t stop the car from leaving the road.”
Tesla’s official response could best be described as “brusque.”
“These marketing claims are simply a for-profit company’s attempt to use Tesla’s name to mislead the public into thinking there is a problem that would require the purchase of this company’s product. That is simply not the case. Safety is our top priority and we do not have any safety concerns related to these claims.” - Tesla official spokesperson
So, a company most of us haven’t heard of tells us that it’s demonstrated disturbing vulnerabilities in Tesla. Tesla, in effect, says said company is just looking for a buck and there’s no problem, but it doesn’t really provide any details. Where does the truth lie? That question necessitates a look at the merits of this specific Regulus-vs-Tesla claim—and then a broader glance into the history, technology, and possibilities of GNSS spoofing itself.
A closer look at the Regulus demo
If you read the opening paragraph of this article and thought that evil hackers took remote control of a car and made it go violently off-road, no strings attached, don’t feel bad—you were almost certainly meant to. But the reality is much different. The first, most obvious objection is that Regulus physically affixed an antenna to the roof of the Model 3 and wired it into its systems before the demonstration. That isn’t really the smoking gun it appears to be; it would’ve been possible to get the same effect with no antenna or wires, it just would have been extremely irresponsible (and most likely illegal).
[Image: This small antenna was affixed to the Model 3’s roof before running the GNSS spoofing demo. Credit: Regulus Cyber]
We’ll get into some of the hairy technical details later, but GNSS spoofing is typically a broadcast attack which can be expected to affect a large area. Putting an antenna on the roof of the Model 3 allowed Regulus to use far less power than would otherwise be required, and therefore the firm could be far less worried about accidentally impacting other, unrelated GPS devices nearby. That said, I don’t mind giving them a pass on this one; presumably real bad guys would have fewer constraints and thereby wouldn’t need to bother with the physical antenna and wiring in order to attack someone’s car. The real problem is a little less obvious, and you’re unlikely to spot it unless you find Regulus Cyber’s actual blog post on the experiment—which is much more detailed, and conspicuously not linked directly from the press release.
[Video: A very similar, earlier experiment performed by Regulus Cyber in January of 2019. The car being attacked is convinced to take the wrong road—but it’s still on an actual road. This is a critical detail.]
This video from an earlier experiment is an excellent example of the kind of “Pied Piper” attack that Regulus successfully carried off against the Model 3. It’s entirely possible—even somewhat trivial, if you don’t mind becoming an instant felon—to use GNSS spoofing to convince an autonomous or semi-autonomous car that it isn’t where it thought it was, and it should turn on the wrong road.
But this attack is like handing Mom or Dad the wrong map on a family vacation: sure, you might get lost, but the wrong map won’t plow the car into a tree. Just like the human driver in our example, an autonomous or semi-autonomous automotive application only uses the GPS to decide which road to take; what is or is not a road at all is decided by local sensors. In a human driver’s case, “local sensors” mostly means a pair of good old-fashioned Mk I Eyeballs; in the Tesla’s, it’s radar, ultrasonics, and a suite of eight cameras enabling full-time 360-degree visual coverage. I reached out to spokespersons from Tesla, Uber, and Cruise, and all made similar statements. Essentially, these companies say GPS helps cars decide which road to take, but it has nothing to do with a car’s decision about what is or is not a road in the first place.


How GNSS spoofing works
I read a lot of academic technical papers describing GNSS itself (and the practicality and methodology of attacking and defending it) while researching this article. All of them filled me with a profound sense of deja vu—civilian GPS was set up with the same warm, fuzzy feelings of trust that the original Internet protocols were, and it shows. The SMTP protocol which delivers your email was originally designed with the idea that any computer, on receiving any email, would automatically and helpfully attempt to forward it on closer to its final destination. Unfortunately, this meant—among other things—that any malicious actor could slip messages with false data and bad intent into any machine, anywhere, obscuring the original source. What seemed like a great idea for a network with a few helpful researchers on it turned into an absolute nightmare by the time a commercial Internet with millions, and eventually billions, of people began using and abusing it.
There aren’t any relays involved in GNSS, but the same complete lack of forethought about security and bad actors is baked right into the protocol. Effectively, if you can transmit to a GPS receiver, you can speak GPS to it and it will trust you. There’s no authentication process involved, and you might even be able to MacGyver together a working spoofing device out of a hacked $15 USB-to-VGA adapter. Granted, you could easily wind up with thousands of dollars in fines or even prison time for trying it—but in strictly technical terms, there’s very little stopping you.
“If multiple antenna inputs are available, a very powerful discriminant is to see if all of the signals come from the same direction. (Hint: they shouldn’t).” - Logan Scott, GPS Consultant, talking to Ars.
While there are several ways to harden civilian GPS receivers against attack, even without modifying the overall GPS system itself, none of those seem to be in wide use. To be fair to Regulus Cyber, this is exactly the problem that company wants to bring awareness to—but it’s equally fair to note that the company did not detail the methodology, let alone effectiveness, of the actual product in this month’s demonstration.
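The direction-of-arrival discriminant from the quote above can be sketched as a receiver-side check. This is an added example, not code from the article, Regulus Cyber, or any receiver vendor; the function names, thresholds, and sample bearings are assumptions, and the measured bearings are assumed to be already expressed in the same north-referenced frame as the almanac predictions.

```python
import math

def resultant_length(bearings_deg):
    """Mean resultant length R of a set of bearings: ~1.0 = one direction, ~0 = spread out."""
    c = sum(math.cos(math.radians(b)) for b in bearings_deg) / len(bearings_deg)
    s = sum(math.sin(math.radians(b)) for b in bearings_deg) / len(bearings_deg)
    return math.hypot(c, s)

def angular_diff(a_deg, b_deg):
    """Smallest absolute difference between two bearings, in degrees."""
    return abs((a_deg - b_deg + 180.0) % 360.0 - 180.0)

def check_arrival_directions(sats, r_limit=0.95, tol_deg=20.0, min_sats=4):
    """sats: list of (prn, expected_az, measured_az) in degrees from north.
    expected_az comes from the almanac, measured_az from the antenna array.
    Thresholds are illustrative assumptions, not values from the article."""
    if len(sats) < min_sats:
        return {"verdict": "insufficient", "r_measured": None, "mismatched": []}
    r_expected = resultant_length([e for _, e, _ in sats])
    r_measured = resultant_length([m for _, _, m in sats])
    mismatched = [prn for prn, e, m in sats if angular_diff(e, m) > tol_deg]
    # Genuine satellites are scattered across the sky; a single transmitter
    # makes every signal arrive from one bearing regardless of claimed PRN.
    if r_measured >= r_limit and r_expected < r_limit:
        verdict = "spoofing-suspected"
    elif mismatched:
        verdict = "inconsistent"
    else:
        verdict = "consistent"
    return {"verdict": verdict, "r_measured": round(r_measured, 3), "mismatched": mismatched}

# Constructed sample data (PRN, expected azimuth, measured azimuth).
GENUINE = [(5, 40, 43), (12, 135, 131), (17, 210, 214), (23, 305, 300), (29, 80, 84)]
SPOOFED = [(5, 40, 92), (12, 135, 95), (17, 210, 93), (23, 305, 94), (29, 80, 91)]

if __name__ == "__main__":
    for name, sats in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_arrival_directions(sats))
```

The clustering test on the measured bearings works without knowing the vehicle's heading; only the per-PRN comparison against the almanac depends on it.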
GNSS spoofing, past and probable future
So far, GNSS spoofing has mostly been the subject of academic experiments and eyebrow-raising tales of government cloak-and-dagger, and there are very few well-documented cases to examine. Jalopnik documented a case in March 2019 of several cars, various makes and models, suddenly deciding they’d teleported nearly seven hundred miles away. The vehicles’ sudden new location was the default status of a well-known piece of GPS lab equipment, so it’s probable that somebody was playing with illegal amplification of signals from that equipment—no real harm was done, and they may not have even meant to affect the cars at the show. In 2017, 20 or so vessels in the Black Sea reported that three-meter accurate GPS systems were suddenly 25 nautical miles off. This and many similar incidents are widely understood to be Russian spoofing attacks.
[Image: A simple diagram of the GNSS spoofing installation made by UT researchers aboard a 65m yacht. Credit: University of Texas]
The most interesting, detailed study I found was a University of Texas whitepaper detailing the experimental hostile GPS takeover of the White Rose of Drachs, a 65m yacht. In addition to describing their own, successful efforts to subvert the yacht’s GPS navigation system, the authors give an excellent illustrative example of just how badly too much trust in automated navigation systems can go wrong. In 1995, the 174m Panamanian cruise ship Royal Majesty had a mechanical failure that forced its navigation system to switch from GPS to dead reckoning. Dead (inertial) reckoning is far less accurate than GPS, and by the ship’s final approach to Nantucket, it had accumulated a 31 kilometer cross-track error. The crew—who had not noticed either the GPS failover to dead reckoning, or the accumulated error—were so accustomed to the accuracy of the system that, despite a lookout physically sighting blue-and-white water ahead, they confidently sailed the ship hard aground on off-coast shoals.
Automotive navigation is very different from maritime or aeronautical navigation, since it requires the identification of very narrow, unmoving and pre-defined tracks and must gracefully handle paths chock-full of moving obstacles. I suspect that the future of criminal automotive GNSS spoofing attacks, if there is one, will involve Pied Piper attacks on fully autonomous freight vehicles traveling through poorly-patrolled rural areas. If you know what the destination of an 18-wheeler full of valuable goods is, you could feed it bogus GNSS data from a shadowing car, convince it that it needed to take the wrong exit, and travel to entirely the wrong unloading facility, strip its goods, and send it right back home again empty. There are sharp limits to even this technique, though: without foreknowledge of a vehicle’s destination, it would be difficult or impossible to reliably guide it where you wanted it to go. It would also be significantly more difficult to pick a single vehicle out of any significant traffic without affecting surrounding vehicles, with unpredictable effects on their own navigation and greatly increased risk of premature attack detection.
There’s fertile ground here for plenty of pulse-quickening Mission-Impossible style movie and videogame plots, and much work can and should be done on making GPS receivers more reliable and difficult to fool. But the sky isn’t falling, and bad GPS data won’t pilot your car into the side of a building.
