"Hypnosis" Tesla, this crazy thing, maybe only visible in the world's top hacker conference DEF CON. And, yes, it's Chinese hackers.
First talk about Tesla's AutoPilot. This system, which has made Elon Musk proud, has been used on a large scale in Tesla cars all over the world. This system can achieve automatic follow-up, automatic steering, and even when the traffic jam, it can automatically start and stop with the previous car.
Truthfully speaking, the availability of driver assistance systems is very high. Many Tesla owners have already tried to open the second ring of Beijing in the early morning peak, opened the assisted driving, closed their eyes for half an hour and then switched to manual mode to leave the main road.
However, availability and reliability are not so coordinated at certain special moments.
Tesla due to a serious accident caused by driving assistance
At the last moment before this Tesla was born, it was to turn on the assisted driving mode. It is said that the system recognized the front white truck as a distant building or billboard.
Tesla accident sketch
In the first two days, China’s Tesla’s “first strike†of automatic driving also occurred on the North Fifth Ring of Beijing.
Frequent crashes at least illustrate the point that assisted driving systems have many design flaws. The hackers from China, using actual attack tests, proved that the assisted driving system is far from being "infrequent failures." Without paying attention, it could be exploited and systematically launched various "terrorist" attacks.
Yan Yu (left) and Liu Jian (right)
Liu Jianyu, head of the 360 ​​Automotive Information Security Team, China’s Tesla cracked the first person;
Yan Hao, Ph.D., Zhejiang University, member of the Intelligent System Security Lab, a well-known car hacker.
It was they who led the team for the first time in the world to attack Tesla's automatic driving system with a real car.
Liu Jianwei introduced the working principle of Tesla's assisted driving system to Lei Fengwang in detail.
All sensors used in automotive autopilot systems include long-range radar, ultrasonic sensors, visible light sensors, and laser radar. Its measuring range, accuracy and effective distance have advantages and disadvantages, and they are generally used in combination.
Tesla's eyes: all kinds of sensorsThe first thing that can be done to assist driving is to recognize the surrounding environment.
To achieve this, Tesla chose three different "eyes":
Millimeter wave radar
Millimeter wave radar:
Tesla's radar is equipped with a frequency of up to 77GHz. This ultra-highband technology, once used as a secret technology of the US military, prohibits the sale to China. The radar is mounted on the front of Tesla to detect long-distance obstacles and can identify obstacles up to 150 meters away.
Ultrasonic sensor and position in the car
Ultrasonic sensor:
Tesla is covered with 12-Feather ultrasonic sensors to perceive obstructions that are about five meters around the body.
Position and display of high-definition camera on Tesla
HD camera:
This is the only visible light in Tesla's "eyes." The camera is placed in front of the car to identify lane markings and road signs such as speed limits and bans.
According to Liu Jianyu, the assisted driving system is based on the data collected by these sensors and uses automatic driving algorithms to achieve all functions such as planning path and auto-cruise.
He and Yan Hao's attack idea is very clear: as long as the black out of these sensors, so that data errors into the system, it will certainly have a serious attack effect.
In layman terms, what they have to do is "hypnosis" Tesla. Let this world's most advanced self-driving car
See things that don't exist;
Or can't see what's there.
This enters a terrible "nightmare" state.
Position of all sensors on the Tesla Model S body (blue for millimeter wave radar, gray for camera, red for ultrasonic sensor)
Get rid of the ultrasonic sensorSince the ultrasonic sensors are mainly distributed around the body, they are mainly used to determine the information of close objects. Therefore, in practical applications, their main role is to perceive that there are no obstacles in the vicinity to move closer to one another and to avoid the opposite direction.
Yan Yan told Lei Feng Network (search "Lei Feng Network" public concern) :
After reverse research, we found that the ultrasonic sensor used by Tesla emitted a wavelength of 40 Khz, and this wavelength of ultrasonic wave is not common in the real world. Such ultrasonic waves are emitted when shaking a keychain or a large truck brake, for example.
However, since 40Khz ultrasonic waves in the real world do not last long and the intensity is not so great, it seems that Tesla did not seriously study the influence of artificial ultrasonic waves on the assisted driving system.
Liu Jianyu & Yan Hao & Their Ultrasonic Disruptors
Noise attack
They then tried to perform a noise attack on Tesla's ultrasonic sensors. In simple terms, the same wavelength of noise is played with greater intensity. This will make it impossible for the ultrasonic sensor to recover its own signal and there is no way to measure the surrounding objects.
Surprisingly, in this case, Tesla did not choose to prompt the user to switch back to manual mode, but instead continue to move at the original speed. If there is an object near Tesla at this time, it will not react if it collides.
Noise attack ultrasonic sensor experiment site
Spoofing attack
The ultrasonic signal was further deciphered by the signal analyzer. Liu Jianxi and Yan Hao completely mastered the structure of the ultrasonic wave, so they tried to fool the sensor with a signal transmission device.
Tesla, who is "real and honest," is fooled and sends a false signal to the decision system. So in the underground garage without a car, actually started the auto follow-up mode;
When Liu Jian gave Tesla a virtual signal of obstacles in front of him, Tesla suddenly came to a brake.
Sensor data eventually leads to control of the car's brakes, steering wheel, and throttle behavior
"Bunny beat dog" attack
The hackers got the ultrasonic absorber material. Ultrasound signals hit this sponge-like material, which can be described as a meat bun playing dog - there is no return. In the experiment, no matter what the dangerous obstacles, as long as the covering of ultrasonic adsorption material, in the eyes of Tesla is a horse flat river, do not hit the south wall and never die back.
Of course, Liu Jianhao also feels that the current wave absorbing material is too thick and is used in reality to attack a bit funny. However, he said: "In the future, if the materials are thin and even transparent, this attack will become very dangerous."
In the demo video, Yan Hao hides in the wave absorbing material, the sensor does not sense
Kill the millimeter wave radar
Millimeter-wave radar is the most sophisticated of many Tesla sensors. The ultra-high frequency of 77GHz has exceeded the range that ordinary instruments can resolve.
Yan Hao told Lei Feng that it was only possible to buy three Teslas by investigating the equipment of the millimeter-wave radar. Liu Jianjun even jokingly said that borrowing this equipment is one of the biggest difficulties in the entire study.
Position A of Millimeter Wave Attack Equipment BCDE and Tesla Millimeter Wave Radar
However, with the analysis equipment, it is only the first step of the Long March. Analysis after down-converting the 77GHz UHF signal is also a very difficult process.
For millimeter-wave radar, noise attacks and deception attacks can also be implemented. In other words, Tesla can completely ignore the obstacles in front of him at high speeds, and he can also let Tesla to brake in an emergency.
In theory, such attacks can be carried out within tens of meters. It's like shooting a target with a pistol. However, the beam of millimeter-wave transmitters is relatively concentrated. In actual attacks, it is necessary to perfectly hit the radar of a car. This requires very good precision. "But as long as there is enough money to buy advanced equipment, these restrictions are not a problem." Yan Yan said.
After the millimeter-wave radar is attacked, the vehicle ahead disappears from the instrument panel. If it is in the state of automatic driving, the consequences are unimaginable.
Get rid of optical sensors (HD camera)
Perhaps the attack on the camera is the only kind of attack that ordinary people can enjoy. You only need a high-powered flashlight, which will be exposed to the camera. It will cause short-term blinding. This feature is consistent with all the cameras and the principle of the human eye.
The case of Tesla's collision truck at the beginning of the article is because the truck compartment was spotlessly white, causing the camera to have “snow blindnessâ€, unable to find the lane lines and signs in front of it, and unable to determine the true nature of the object. So it caused a car accident. (You may want to ask the advanced millimeter-wave radar to be a horse at the time. That's right, the truck is so high that the radar signal perfectly escapes from the bottom of the car.)
Of course, Tesla's camera also supports infrared night vision, so using an infrared flashlight to illuminate the camera will also cause it to become "blind."
Using LED lights or laser pointers, the attack cost to Tesla is around US$10
What does Tesla sayAbout a month before this DEF CON speech, Liu Jianyi and Yan Hao had already submitted this defect to Tesla. Tesla made a one-hour conference call with the hacking team two weeks ago.
Although the final conclusion is not very encouraging: Tesla said he would also take the time to assess the extent of these defects in the actual situation of the security threat.
However, Liu Jianwei believes that these defects are worthy of attention:
The former car sensor was only used as a reference for human driving and did not directly influence the driving decision. Tesla's assisted driving system allows the sensor to directly connect to the car's CAN bus, which means that the attack surface of the car is extended from the original bus attack and car networking attacks to sensor attacks.
From the current trend, an important branch of the robot is the “autobots†with image recognition and artificial intelligence. For the “autobots†with increasing capabilities, the damage that such attacks can cause will be getting bigger.
Yanjian Liu and Yan Yan on the DEF CON 24 Lecture
Yan Hao said: "In the face of increasingly high-risk attacks, the assisted driving system does not have an abnormal detection mechanism for signals. This is a huge hidden danger. For example, if the signal detected by the shampoo is abnormal, the first action should be Keep your car safe, not do anything.â€
One thing is beyond doubt that assisted driving has changed people's driving style. People’s dependence on machines can only deepen and never go backwards. This kind of technology, which is trusted by human beings and entrusted with life safety, cannot withstand many defects.
When a person sleeps in the car, his Tesla also enters the "dreamland."
This is probably the greatest mockery of human wisdom.
Liu Jianyi and Yan Hao’s crackdown on Tesla is actually more like a warning. The moment we entrust our own senses to the machine, we must begin to struggle to stop the terrible ending depicted in The Matrix.
360 Automotive Information Security Laboratory (Skywalker team), the main research direction for automotive information security. In 2014, the Tesla car was found to have a remote control and keyless start-up function; in 2015, the BYD car cloud service and remote control driving function were found to be flawed; and in 2015, the assistance in driving a millimeter-wave radar and ultrasonic radar sensor was discovered.
Rack Battery,Solar Rack System,Lithium Battery 5Kwh,Rack Mounted Battery
JIANGSU BEST ENERGY CO.,LTD , https://www.bestsolar-group.com