We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
37C3 - Back in the Driver's Seat: Recovering Critical Data from Tesla Autopilot Using Voltage Glitch
Researchers demonstrate a novel method to recover critical data from Tesla Autopilot using voltage glitching, showcasing the potential for data breaches and security concerns.
- The talk presents a method to recover critical data from Tesla Autopilot using voltage glitching, a technique to induce faults in the processor.
- The researchers found that the Autopilot storage contains error messages, including snapshots of video data, which can be recovered using a fault injection attack.
- The attack involves modifying the root certificate authority (CA) to enable access to the Autopilot API, which is usually only accessible to Tesla’s servers.
- The researchers used a Teensy microcontroller to monitor and manipulate the SPI activity of the Autopilot system, allowing them to recover sensitive data, including GPS data and video footage.
- The attack was successful because the Autopilot system does not have a strong authentication mechanism, and the root CA can be modified to enable access.
- The researchers believe that their findings could have implications for privacy and security, as the recovered data could potentially be used to identify or track individuals.
- The talk also discusses the use of voltage glitching as a method for attacking other systems, and the potential for side channels to be used for generation of triggers.
- The researchers used a number of tools and techniques, including oscilloscopes, capacitors, and MOSFETs, to develop and execute their attack.
- The attack was developed and tested over several weeks, with a number of iterations and refinements to the methodology.
- The researchers reported that they were able to recover a significant amount of data, including GPS data, video footage, and metadata, using their attack.
- The talk concludes with a discussion of the potential implications and limitations of the attack, as well as potential countermeasures to prevent similar attacks in the future.