Cars are increasingly integrated with digital technologies. Manufacturers aim to enhance the passenger experience by integrating onboard entertainment while minimizing driving effort. However, these advancements are enabled through more and more complex car computers. Tesla, a leader in this field, has actively promoted security research of their car computer by rewarding vulnerability disclosures and sponsoring security contests. However, they specifically exclude hardware attacks from these programs. This paper formalizes the assets of Tesla’s Car Computer specifically threatened by hardware attacks and outlines the security risks from various often overlooked stakeholders surrounding Connected Cars. All three subsystems of the Car Computer can be fully compromised: two through low-cost voltage glitching attacks and one with a non-invasive, persistent electromagnetic fault injection attack, validating all identified risks. While these attack vectors are well-known in IT security research, our attacks enable important scrutiny of Tesla’s controversial driving assistance systems. Furthermore, the vulnerable components are either advertised for automotive use or even certified by automotive safety standards, making our attacks applicable to other car brands using the same chips. Finally, as effective countermeasures to fault injection attacks can be expected soon, this paper makes an important case for third-party access to Connected Cars’ hardware, firmware, and data.
Kühnapfel et al. (Sun,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: