Image: Roi Mit
Blog Editor’s Note: An interesting reminder of a hallmark event within the PNT community. We are sure it had a significant impact on the folks at Tesla, and probably significant but probably lesser impact at other car companies.
We would have hoped that all GNSS users would take the lesson to heart and in the last two years taken significant steps to upgrade all their receivers and antennas to make them more resilient to spoofing. Probably didn’t happen.
Toward the end of the article Roi mentions the inclusion of cybersecurity provisions in the U.N. regulations. Great acknowledgement of the impact of Regulus’s work and the impact it has had.
Just the U.N. saying manufacturers have to demonstrate their vehicles are cybersecure, though, is a long way from making that a reality. That will have to be interpreted and enforced by national governments – each with their own definitions of what that means and structures for requirements and enforcement.
Well done again to Regulus making an important step in this long journey.
Full disclosure – Regulus is a corporate member of the RNT Foundation.
In June 2019, Regulus Cyber’s experts successfully spoofed the GPS-based navigation system of a Tesla Model 3 vehicle. This experiment provided an important warning for all companies using GNSS location and timing: these technologies, on which they depend, are highly vulnerable to spoofing attacks. In the two years since the experiment, companies and governments have continued to research the potential harm that can be caused by spoofing attacks and are learning more about how to defend themselves from them.
The Tesla experiment was groundbreaking because it was the first time that a level 2.5 autonomous vehicle was exposed to a sophisticated GPS spoofing attack and its behavior recorded.
We chose Tesla’s Model 3 because it had the most sophisticated advanced driver assistance system (ADAS) at the time, called Navigate on Autopilot (abbreviated NOA or Autopilot), which uses GPS to make several driving decisions. However, this experiment exposed several cybersecurity issues potentially affecting all vehicles relying on GPS as part of their sensor fusion for autonomous decision making.