• Resources
  • Blog
  • Journalists
  • Log In
  • Sign Up
  • Data Privacy
  • Send a Release
Cision PR Newswire: news distribution, targeting and monitoring home
  • News
  • Products
    • Overview
    • Distribution by PR Newswire
    • Cision Communications Cloud®
    • Cision IR
    • All Products
  • Contact
    • General Inquiries
    • Request a Demo
    • Editorial Bureaus
    • Partnerships
    • Media Inquiries
    • Worldwide Offices

 

When typing in this field, a list of search results will appear and be automatically updated as you type.

Searching for your content...

No results found. Please change your search terms and try again.
  • News in Focus
      • Browse News Releases
      • All News Releases
      • All Public Company
      • English-only


      • News Releases Overview
      • Multimedia Gallery
      • All Multimedia
      • All Photos
      • All Videos


      • Multimedia Gallery Overview
      • Trending Topics
      • All Trending Topics


  • Business & Money
      • Auto & Transportation
      • All Automotive & Transportation
      • Aerospace, Defense
      • Air Freight
      • Airlines & Aviation
      • Automotive
      • Maritime & Shipbuilding
      • Railroads and Intermodal Transportation
      • Supply Chain/Logistics
      • Transportation, Trucking & Railroad
      • Travel
      • Trucking and Road Transportation


      • Auto & Transportation Overview
      • Business Technology
      • All Business Technology
      • Blockchain
      • Broadcast Tech
      • Computer & Electronics
      • Computer Hardware
      • Computer Software
      • Data Analytics
      • Electronic Commerce
      • Electronic Components
      • Electronic Design Automation
      • Financial Technology
      • High Tech Security
      • Internet Technology
      • Nanotechnology
      • Networks
      • Peripherals
      • Semiconductors


      • Business Technology Overview
      • Entertain­ment & Media
      • All Entertain­ment & Media
      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television


      • Entertain­ment & Media Overview
      • Financial Services & Investing
      • All Financial Services & Investing
      • Accounting News & Issues
      • Acquisitions, Mergers and Takeovers
      • Banking & Financial Services
      • Bankruptcy
      • Bond & Stock Ratings
      • Conference Call Announcements
      • Contracts
      • Cryptocurrency
      • Dividends
      • Earnings
      • Earnings Forecasts & Projections
      • Financing Agreements
      • Insurance
      • Investments Opinions
      • Joint Ventures
      • Mutual Funds
      • Private Placement
      • Real Estate
      • Restructuring & Recapitalization
      • Sales Reports
      • Shareholder Activism
      • Stock Offering
      • Stock Split
      • Venture Capital


      • Financial Services & Investing Overview
      • General Business
      • All General Business
      • Awards
      • Commercial Real Estate
      • Corporate Expansion
      • Earnings
      • Human Resource & Workforce Management
      • Licensing
      • New Products & Services
      • Obituaries
      • Outsourcing Businesses
      • Overseas Real Estate (non-US)
      • Personnel Announcements
      • Real Estate Transactions
      • Residential Real Estate
      • Small Business Services
      • Socially Responsible Investing
      • Surveys, Polls and Research
      • Trade Show News


      • General Business Overview
  • Science & Tech
      • Consumer Technology
      • All Consumer Technology
      • Artificial Intelligence
      • Blockchain
      • Cloud Computing/Internet of Things
      • Computer Electronics
      • Computer Hardware
      • Computer Software
      • Consumer Electronics
      • Cryptocurrency
      • Data Analytics
      • Electronic Commerce
      • Electronic Gaming
      • Financial Technology
      • Mobile Entertainment
      • Multimedia & Internet
      • Peripherals
      • Social Media
      • STEM (Science, Tech, Engineering, Math)
      • Supply Chain/Logistics
      • Wireless Communications


      • Consumer Technology Overview
      • Energy & Natural Resources
      • All Energy
      • Alternative Energies
      • Chemical
      • Electrical Utilities
      • Gas
      • General Manufacturing
      • Mining
      • Mining & Metals
      • Oil & Energy
      • Oil and Gas Discoveries
      • Utilities
      • Water Utilities


      • Energy & Natural Resources Overview
      • Environ­ment
      • All Environ­ment
      • Conservation & Recycling
      • Environmental Issues
      • Environmental Policy
      • Environmental Products & Services
      • Green Technology
      • Natural Disasters


      • Environ­ment Overview
      • Heavy Industry & Manufacturing
      • All Heavy Industry & Manufacturing
      • Aerospace & Defense
      • Agriculture
      • Chemical
      • Construction & Building
      • General Manufacturing
      • HVAC (Heating, Ventilation and Air-Conditioning)
      • Machinery
      • Machine Tools, Metalworking and Metallurgy
      • Mining
      • Mining & Metals
      • Paper, Forest Products & Containers
      • Precious Metals
      • Textiles
      • Tobacco


      • Heavy Industry & Manufacturing Overview
      • Telecomm­unications
      • All Telecomm­unications
      • Carriers and Services
      • Mobile Entertainment
      • Networks
      • Peripherals
      • Telecommunications Equipment
      • Telecommunications Industry
      • VoIP (Voice over Internet Protocol)
      • Wireless Communications


      • Telecomm­unications Overview
  • Lifestyle & Health
      • Consumer Products & Retail
      • All Consumer Products & Retail
      • Animals & Pets
      • Beers, Wines and Spirits
      • Beverages
      • Bridal Services
      • Cannabis
      • Cosmetics and Personal Care
      • Fashion
      • Food & Beverages
      • Furniture and Furnishings
      • Home Improvement
      • Household, Consumer & Cosmetics
      • Household Products
      • Jewelry
      • Non-Alcoholic Beverages
      • Office Products
      • Organic Food
      • Product Recalls
      • Restaurants
      • Retail
      • Supermarkets
      • Toys


      • Consumer Products & Retail Overview
      • Entertain­ment & Media
      • All Entertain­ment & Media
      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television


      • Entertain­ment & Media Overview
      • Health
      • All Health
      • Biometrics
      • Biotechnology
      • Clinical Trials & Medical Discoveries
      • Dentistry
      • FDA Approval
      • Fitness/Wellness
      • Health Care & Hospitals
      • Health Insurance
      • Infection Control
      • International Medical Approval
      • Medical Equipment
      • Medical Pharmaceuticals
      • Mental Health
      • Pharmaceuticals
      • Supplementary Medicine


      • Health Overview
      • Sports
      • All Sports
      • General Sports
      • Outdoors, Camping & Hiking
      • Sporting Events
      • Sports Equipment & Accessories


      • Sports Overview
      • Travel
      • All Travel
      • Amusement Parks and Tourist Attractions
      • Gambling & Casinos
      • Hotels and Resorts
      • Leisure & Tourism
      • Outdoors, Camping & Hiking
      • Passenger Aviation
      • Travel Industry


      • Travel Overview
  • Policy & Public Interest
      • Policy & Public Interest
      • All Policy & Public Interest
      • Advocacy Group Opinion
      • Animal Welfare
      • Congressional & Presidential Campaigns
      • Corporate Social Responsibility
      • Domestic Policy
      • Economic News, Trends, Analysis
      • Education
      • Environmental
      • European Government
      • FDA Approval
      • Federal and State Legislation
      • Federal Executive Branch & Agency
      • Foreign Policy & International Affairs
      • Homeland Security
      • Labor & Union
      • Legal Issues
      • Natural Disasters
      • Not For Profit
      • Patent Law
      • Public Safety
      • Trade Policy
      • U.S. State Policy


      • Policy & Public Interest Overview
  • People & Culture
      • People & Culture
      • All People & Culture
      • Aboriginal, First Nations & Native American
      • African American
      • Asian American
      • Children
      • Diversity, Equity & Inclusion
      • Hispanic
      • Lesbian, Gay & Bisexual
      • Men's Interest
      • People with Disabilities
      • Religion
      • Senior Citizens
      • Veterans
      • Women


      • People & Culture Overview
      • In-Language News

      • español
      • português
      • Česko
      • Danmark
      • Deutschland
      • España
      • France
      • Italia
      • Nederland
      • Norge
      • Polska
      • Portugal
      • Россия
      • Slovensko
      • Suomi
      • Sverige
  • Overview
  • Distribution by PR Newswire
  • Cision Communications Cloud®
  • Cision IR
  • All Products
  • General Inquiries
  • Request a Demo
  • Editorial Bureaus
  • Partnerships
  • Media Inquiries
  • Worldwide Offices
  • PR Newswire: news distribution, targeting and monitoring
  • Send a Release
    • ALL CONTACT INFO

      Contact Us

      888-776-0942
      from 8 AM - 10 PM ET

  • Send a Release
  • Sign Up
  • Log In
  • Resources
  • Blog
  • Journalists
  • RSS
  • GDPR
  • News in Focus
    • Browse All News
    • Multimedia Gallery
    • Trending Topics
    • Send a Release
    • Sign Up
    • Log In
    • Resources
    • Blog
    • Journalists
    • RSS
    • GDPR
  • Business & Money
    • Auto & Transportation
    • Business Technology
    • Entertain­ment & Media
    • Financial Services & Investing
    • General Business
    • Send a Release
    • Sign Up
    • Log In
    • Resources
    • Blog
    • Journalists
    • RSS
    • GDPR
  • Science & Tech
    • Consumer Technology
    • Energy & Natural Resources
    • Environ­ment
    • Heavy Industry & Manufacturing
    • Telecomm­unications
    • Send a Release
    • Sign Up
    • Log In
    • Resources
    • Blog
    • Journalists
    • RSS
    • GDPR
  • Lifestyle & Health
    • Consumer Products & Retail
    • Entertain­ment & Media
    • Health
    • Sports
    • Travel
    • Send a Release
    • Sign Up
    • Log In
    • Resources
    • Blog
    • Journalists
    • RSS
    • GDPR
  • Policy & Public Interest
    • Send a Release
    • Sign Up
    • Log In
    • Resources
    • Blog
    • Journalists
    • RSS
    • GDPR
  • People & Culture
    • People & Culture
    • Send a Release
    • Sign Up
    • Log In
    • Resources
    • Blog
    • Journalists
    • RSS
    • GDPR
  • Send a Release
  • Sign Up
  • Log In
  • Resources
  • Blog
  • Journalists
  • RSS
  • GDPR
  • Overview
  • Distribution by PR Newswire
  • Cision Communications Cloud®
  • Cision IR
  • All Products
  • Send a Release
  • Sign Up
  • Log In
  • Resources
  • Blog
  • Journalists
  • RSS
  • GDPR
  • General Inquiries
  • Request a Demo
  • Editorial Bureaus
  • Partnerships
  • Media Inquiries
  • Worldwide Offices
  • Send a Release
  • Sign Up
  • Log In
  • Resources
  • Blog
  • Journalists
  • RSS
  • GDPR

Tesla Model S and Model 3 Prove Vulnerable to GPS Spoofing Attacks as Autopilot Navigation Steers Car off Road, Research from Regulus Cyber Shows
  • USA - English

Test drive illuminates need to protect GNSS with proactive cybersecurity strategies


News provided by

Regulus Cyber

Jun 19, 2019, 05:25 ET

Share this article

Share this article


HAIFA, Israel, June 19, 2019 /PRNewswire/ -- Tesla Model S and Model 3, electric cars built for speed and safety, are vulnerable to cyberattacks aimed at their navigation systems, according to recent research from Regulus Cyber. During a test drive using Tesla's Navigate on Autopilot feature, a staged attack caused the car to suddenly slow down and unexpectedly veer off the main road. Regulus Cyber, the first company to deal with smart-sensor security across a wide range of applications including automotive, mobile, and critical infrastructure, initially discovered the Tesla vulnerability during its ongoing study of the threat that easily accessible spoofing technology poses to GNSS (global navigation satellite systems, also known as GPS) receivers.

The Regulus Cyber researchers found that spoofing attacks on the Tesla GNSS (GPS) receiver could easily be carried out wirelessly and remotely, exploiting security vulnerabilities in mission-critical telematics, sensor fusion, and navigation capabilities.

Regulus Cyber experts traveled to Europe last week to test-drive the Tesla Model 3 using Navigate on Autopilot. An active guidance feature for its Enhanced Autopilot platform, it's meant to make following the route to a destination easier, which includes suggesting and making lane changes and taking interchange exits, all with driver supervision. While it initially required drivers to confirm lane changes using the turn signals before the car moved into an adjacent lane, current versions of Navigate on Autopilot allow drivers to waive the confirmation requirement if they choose, meaning the car can activate the turn signal and start turning on its own. Tesla emphasizes that "in both of these scenarios until truly driverless cars are validated and approved by regulators, drivers are responsible for and must remain ready to take manual control of their car at all times."

Designed to reveal how the semi-autonomous Model S and Model 3 would react to a spoofing attack, the Regulus Cyber test began with the car driving normally and the autopilot navigation feature activated, maintaining a constant speed and position in the middle of the lane. Although the car was three miles away from the planned exit when the spoofing attack began, the car reacted as if the exit was just 500 feet away—abruptly slowing down, activating the right turn signal, and making a sharp turn off the main road. The driver immediately took manual control but couldn't stop the car from leaving the road.

The testing revealed another unexpected finding that significantly amplified the threat—a link between the car's navigation and air suspension systems. This resulted in the height of the car changing unexpectedly while moving because the suspension system "thought" it was driving through various locations during the test, either on smooth roadways, when the car was lowered for greater aerodynamics, or "off-road" streets, which would activate the car elevating its undercarriage to avoid any obstacles on the road.

Yoav Zangvil, Regulus Cyber CTO and co-founder, explains that GNSS spoofing is a growing threat to ADAS and autonomous vehicles. "Until now, awareness of cybersecurity issues with GNSS and sensors has been limited in the automotive industry. But as dependency on GNSS is on the rise, there's a real need to bridge the gap between its tremendous inherent benefits and its potential hazards. It's crucial today for the automotive industry to adopt a proactive approach towards cybersecurity."

The Regulus Cyber testing is designed to assess the impact of spoofing with low-cost, open source hardware and software, the same kind of technology that is accessible to anyone via e-commerce websites and open source projects on GitHub. Taking control of Tesla's GPS with off-the-shelf tools took less than one minute. The researchers were able to remotely affect various aspects of the driving experience, including navigation, mapping, power calculations, and the suspension system. Under attack, the GNSS system displayed incorrect positions on the maps, making it impossible to plot an accurate route to the destination.

Prior to the Model 3 road test, Regulus Cyber provided its Model S research results to the Tesla Vulnerability Reporting Team, which responded with the following points at that time:

Any product or service that uses the public GPS broadcast system can be affected by GPS spoofing, which is why this kind of attack is considered a federal crime. Even though this research doesn't demonstrate any Tesla-specific vulnerabilities, that hasn't stopped us from taking steps to introduce safeguards in the future which we believe will make our products more secure against these kinds of attacks.

The effect of GPS spoofing on Tesla cars is minimal and does not pose a safety risk, given that it would at most slightly raise or lower the vehicle's air suspension system, which is not unsafe to do during regular driving or potentially route a driver to an incorrect location during manual driving.

While these researchers did not test the effects of GPS spoofing when Autopilot or Navigate on Autopilot was in use, we know that drivers using those features must still be responsible for the car at all times and can easily override Autopilot and Navigate on Autopilot at any time by using the steering wheel or brakes, and should always be prepared to do so.

"This is a distressing answer by a car manufacturer that is the self-proclaimed leader in the autonomous vehicle race," Zangvil comments. "As drivers and safety/security experts, we're not comforted by vague hints towards future safeguards and statements that dismiss the threats of GPS attacks." He offers the following counterpoints in response:

  • Attacks against any GPS system are indeed considered a crime because their effects are dangerous, as we've shown, yet the same devices we used to simulate the attacks are legally accessible to any person, online via e-commerce sites
  • Taking steps to "introduce safeguards for the future" indicates that spoofing is, in fact, a major issue for Tesla, which relies heavily on GNSS
  • In the case of cars, a spoofing attack is confusing in the best case, and a threat to safety in more severe scenarios
  • The more GPS data is leveraged in automated driver assistance systems, the stronger and more unpredictable the effects of spoofing becomes
  • The fact that spoofing causes unforeseen results like unintentional acceleration and deceleration, as we've shown, clearly demonstrates that GNSS spoofing raises a safety issue that must be addressed
  • In addition, the spoofing attack made the car engage in a physical maneuver off the road, providing a dire glimpse into the troubled future of autonomous cars that would have to rely on unsecure GNSS for navigation and decision-making
  • Given that the trust of the public still has to be earned as the automotive industry moves towards autonomy, the leading players are accountable for a responsible deployment of new technology
  • As Tesla clearly stated, drivers are responsible for overriding autopilot under a spoofing attack, so it appears its auto pilot system can't be trusted to function safely under a spoofing attack.
  • Because every GNSS/GPS broadcast system can be affected by GNSS/GPS spoofing, the issue is everyone's problem and shouldn't be ignored; furthermore, governments and regulators that have a mandate to protect the public's safety must engage in proactive measures to ensure only safe GNSS receivers are used in cars

"According to Tesla, they'll soon be releasing completely autonomous cars utilizing GNSS, which means that, in theory, an attacker could remotely control the car's route planning and navigation," Zangvil says. "We're obligated to ask what steps they're taking to address this threat, and whether new safeguards will be implemented in its next generation of entirely autonomous cars."

Although Regulus Cyber researchers tested only the Model S and Model 3, they concluded that the "disturbing vulnerability" of Tesla's GNSS system is most likely company-wide, as the same chipsets are used across the Tesla fleet.

"Just a few months ago we saw that during a spoofing incident in a car show in Geneva, seven different car manufacturers complained that their cars were being spoofed. This incident proves that many other automotive companies that are working on the next generation of autonomous cars are also vulnerable to these attacks. As an industry, to win public trust and succeed, every car manufacturer should be proactive and prepare against these threats," Zangvil says.

About Regulus Cyber

Regulus Cyber is the first company to deal with smart-sensor security. From GNSS (global navigation satellite systems, also known as GPS) to lidar and radar, smart sensors are critical components across a wide range of applications like mobility and automotive, mobile, and critical infrastructure. Real-world attacks against these sensors is a growing concern; therefore, Regulus focuses on GNSS (GPS) security, a field that is very different from connected internet-based attacks.

The company's Pyramid GNSS (GPS) technology provides the first solution to detect and protect GNSS receivers against smart spoofing attacks. Pyramid GNSS is secure, affordable, and applicable to multiple industries. Regulus is developing a variety of anti-spoofing technologies, including a fortified GNSS receiver that protects against spoofing attacks, a software stack, relevant for any GNSS receiver as a firmware update, and an IP core algorithm for the GNSS chip level.

Founded in 2016, Regulus is based in Haifa, Israel, and is backed by Sierra Ventures, Canaan Partners Israel, the Technion, and F2 Capital. For more information, visit www.regulus.com.

DeeDee Rudenstein
President & CEO
Propel Strategic Communications
2 Bala Plaza, Suite 300
Bala Cynwyd, PA 19004
(o) 610-660-7787
(m) 267-521-9654

SOURCE Regulus Cyber

Modal title

    Contact Cision

  • Cision Distribution 888-776-0942
    from 8 AM - 9 PM ET

  • Chat with an Expert
    • General Inquiries
    • Request a Demo
    • Editorial Bureaus
    • Partnerships
    • Media Inquiries
    • Worldwide Offices

    Products

  • Cision Communication Cloud®
  • For Marketers
  • For Public Relations
  • For IR & Compliance
  • For Agency
  • For Small Business
  • All Products

    About

  • About PR Newswire
  • About Cision
  • Become a Publishing Partner
  • Become a Channel Partner
  • Careers
  • COVID-19 Resources
  • Accessibility Statement

    • Asia
    • Brazil
    • Canada
    • Czech
    • Denmark
    • Finland
    • France
    • Germany
    • India
    • Israel
    • Italy
    • Mexico
    • Middle East
    • Netherlands
    • Norway
    • Poland
    • Portugal
    • Russia
    • Slovakia
    • Spain
    • Sweden
    • United Kingdom

    My Services

  • All New Releases
  • Online Member Center
  • ProfNet

Contact Cision


Products


About


My Services
  • All News Releases
  • Online Member Center
  • ProfNet℠
Cision Distribution Helpline
888-776-0942
  • Terms of Use
  • Privacy Policy
  • Information Security Policy
  • Site Map
  • RSS
  • Cookie Settings
Copyright © 2021 Cision US Inc.