
How did researchers attack and break Tesla Autopilot using a voltage glitch?

In a recent revelation, German researchers managed to breach the security of a Tesla Model 3’s circuit board using £520 worth of equipment. Their investigation unveiled code confirming the presence of ‘Elon Mode’, a functionality that eliminates the requirement for drivers to keep their hands on the steering wheel while using Autopilot.

The security implications are alarming, as personal information about drivers and code related to ‘Elon Mode’, which reduces driver monitoring alerts, were accessed. Furthermore, the researchers suggest that hacking into the system could potentially unlock additional features without payment. With Tesla’s Autopilot facing public scrutiny, questions arise about the system’s security.  

The researchers employed a “voltage glitching” attack to hack into the system and gain access to this code.  

What is a Voltage Glitch Attack? 

A voltage glitch or voltage glitching attack is a method used to exploit vulnerabilities in electronic systems by manipulating the power supply voltage. The goal is to disrupt the normal operation of a device or system temporarily, causing unintended consequences such as software bugs, data corruption or unauthorized access. This type of attack takes advantage of the sensitivity of electronic components to variations in voltage.  

A voltage glitch attack involves the following steps:  

  1. The attacker chooses a specific electronic system or subsystem to target, such as a microcontroller or CPU.
  2. Usually, the attacker needs physical access to the system, for instance to attach probes to the hardware.
  3. They introduce quick and controlled changes in the power supply voltage, often by creating power glitches.
  4. The intentional voltage glitch disturbs how the targeted component works, leading to unexpected behaviour or faults in the system.
  5. By carefully timing the glitch, the attacker may take advantage of vulnerabilities, gain unauthorized access, or extract sensitive information based on how the system reacts.
  6. If successful, the attacker may obtain privileged access to or control over the system, allowing them to run malicious code or extract important data.

Voltage glitch attacks are often complex and require a deep understanding of the target system’s architecture. Mitigating such attacks may involve implementing countermeasures, such as secure hardware designs, real-time voltage monitoring, or encryption to protect sensitive data. Secure-IC possesses the essential tools and materials for executing attacks and offensive testing to pinpoint security vulnerabilities within a system. Within its Laboryzr™ range of security evaluation tools, Secure-IC notably offers the POCGI (Power & Clock Glitch Injector), a tool specifically designed by Secure-IC to inject controlled modifications of the supply voltage and clock frequency.
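Steps 4 and 5 above describe the effect a glitch has on software: a comparison or branch does not execute as written, and the code falls through to a state it should never reach. The software-side countermeasures mentioned here (fail-closed defaults, redundant computation and a control-flow counter) can be checked for this at the design stage. The following C program is an added example written for this post, not code from the original article or from Secure-IC; it assumes a simplified single-fault model in which exactly one step of a routine is skipped (the `STEP` macro and `g_skip_step` switch are constructed for the example, as are the sample secrets and the outcome constants). It sweeps every single-step skip against a naive secret check and a hardened one and counts how many skips grant access with a wrong secret.

```c
/* Design-stage fault-robustness check for a secret comparison.
 * Fault model (an assumption for this example): the attacker can skip exactly
 * ONE step of the routine, as a glitch that corrupts an instruction or branch
 * would. Every step that matters is wrapped in STEP() so the harness can skip
 * it on demand and observe the outcome. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define KEY_LEN 8

/* Outcome codes with a large Hamming distance from each other, so that one
 * corrupted bit cannot turn a denial into a grant (constructed values). */
#define ACCESS_GRANTED  0xA5A5u
#define ACCESS_DENIED   0x5A5Au
#define TAMPER_DETECTED 0x3C3Cu

/* Fault-injection switch: 0 = no fault, n = skip the step tagged n. */
static int g_skip_step = 0;
#define STEP(id, ...) do { if (g_skip_step != (id)) { __VA_ARGS__; } } while (0)

/* Constructed sample inputs: the stored reference secret and a wrong guess. */
static const uint8_t SECRET[KEY_LEN] = {0x10,0x32,0x54,0x76,0x98,0xBA,0xDC,0xFE};
static const uint8_t WRONG[KEY_LEN]  = {0x10,0x32,0x54,0x76,0x98,0xBA,0xDC,0x00};

/* Constant-time comparison: no early exit, so timing does not leak where the
 * first differing byte is. Returns 1 if equal, 0 otherwise. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Naive check: one comparison guards one early return. Skipping step 1
 * (the bail-out on mismatch) falls straight through to ACCESS_GRANTED. */
unsigned check_naive(const uint8_t *provided, const uint8_t *expected) {
    STEP(1, if (!ct_equal(provided, expected, KEY_LEN)) return ACCESS_DENIED);
    return ACCESS_GRANTED;
}

/* Hardened check, using three classic software countermeasures:
 *  - fail-closed defaults: every variable starts in the "deny" state;
 *  - redundancy: the comparison is computed twice and both results must agree;
 *  - a control-flow counter: each step adds a distinct value and the final
 *    decision requires the exact sum, so a skipped step is noticed. */
unsigned check_hardened(const uint8_t *provided, const uint8_t *expected) {
    unsigned flow = 0;
    int eq1 = 0, eq2 = 0;                               /* default: not equal */
    STEP(1, eq1 = ct_equal(provided, expected, KEY_LEN); flow += 1);
    STEP(2, eq2 = ct_equal(provided, expected, KEY_LEN); flow += 2);
    STEP(3, if (eq1 != eq2) return TAMPER_DETECTED; flow += 4);
    STEP(4, if (flow != 7) return TAMPER_DETECTED);
    STEP(5, if (eq1 == 1 && eq2 == 1 && flow == 7) return ACCESS_GRANTED);
    return ACCESS_DENIED;                                /* fail closed */
}

typedef unsigned (*check_fn)(const uint8_t *, const uint8_t *);

/* Run one check with step `skip` removed (0 = fault-free run), feeding it
 * either the correct secret or the wrong guess. */
unsigned outcome_for(check_fn check, int skip, int use_correct_secret) {
    g_skip_step = skip;
    unsigned outcome = check(use_correct_secret ? SECRET : WRONG, SECRET);
    g_skip_step = 0;
    return outcome;
}

/* Sweep every single-step skip with the WRONG secret and count how many of
 * them yield ACCESS_GRANTED. 0 means no single skip bypasses the check. */
int bypass_count(check_fn check, int steps) {
    int hits = 0;
    for (int s = 1; s <= steps; s++)
        if (outcome_for(check, s, 0) == ACCESS_GRANTED) hits++;
    return hits;
}

int main(void) {
    printf("naive:    %d single-skip bypass(es)\n", bypass_count(check_naive, 1));
    printf("hardened: %d single-skip bypass(es)\n", bypass_count(check_hardened, 5));
    return 0;
}
```

The naive routine is bypassed by the only skip available to it, while no single skip of the hardened routine grants access: a skipped comparison is caught by the redundancy check, a skipped counter update by the flow check, and a skipped final decision lands on the fail-closed default. A skip that removes a check but not the data it protects (step 4 here) changes nothing, which is why each countermeasure covers the others. This model deliberately ignores multi-fault attacks and data corruption in registers; the hardware sensors described further down are what cover the cases software alone cannot.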

As part of Laboryzr™, Secure-IC’s Analyzr™ enables physical security evaluation at the post-silicon stage, after the chip has been produced, on real physical chips and boards. Alongside it, Secure-IC presents Virtualyzr™, a tool employed during the design stage to assess vulnerability to Side Channel Attacks and Fault Injection Attacks. 

How to protect against voltage glitch attacks? 

Secure-IC provides robust solutions dedicated to preventing and safeguarding against voltage glitch attacks, ensuring the steadfast security of interconnected devices. Central to this defensive strategy is our Intrusion Detection System (IDS), seamlessly operating on a System on Chip (SoC) CPU within the device’s OS. This solution vigilantly monitors various sensors and buses, such as Ethernet and CAN, enabling the analysis of potential threats and responsive actions at the device level.  Adopting the XDR (eXtended Detection and Response) model, our Securyzr™ Host Software agent IDS employs a Rule-Based AI Methodology to discern and eliminate false-positive alerts, offering enhanced discrimination in threat detection, analysis, and response. 

Designed specifically for automotive applications, the Intrusion Detection System (IDS) enhances protection against potential intrusions by leveraging Secure-IC’s Securyzr™ integrated Secure Element (iSE) S700 Series, and in particular the data and alarms supplied by dedicated anti-tampering IPs, such as Active Shield and Digital Sensor, embedded within iSE S700. The Digital Sensor is specifically designed to detect perturbation attacks such as clock glitches, power glitches, overheating or radiation. Even before the attack influences the system, Secure-IC’s solutions allow for the prevention, anticipation, and execution of actions to avoid any damage.

Additionally, Secure-IC’s Cyber Escort Unit IP provides a dual defense against cyber and hardware attacks, stopping malicious attacks on the code or control flow before execution. This unit detects code corruption and control flow graph (CFG) deviations as they occur, offering robust protection against buffer overflow attacks and control-flow integrity corruption.

Do you want to know more about Secure-IC solutions to protect sensitive data and prevent unauthorized access to your systems? Come discuss with us at CES 2024!  
