Tesla Autopilot Duped By ‘Phantom’ Images

Threatpost | February 03, 2020

  • Researchers said that they were able to create “phantom” images purporting to be an obstacle, lane or road sign and trick systems into believing that they are legitimate.

  • On the scale of level 0 (no automation) to level 5 (full automation), these autopilot systems are considered “level 2” automation.

  • Configuring ADAS systems so that they take into account objects’ context, reflected light, and surface would help mitigate the issue.


Research has shown that a two-dimensional image of a person projected on a Tesla Model X's autopilot system caused it to slow down. The autopilot system, which is also used by other popular cars, confused it for a real physical being.
 


Phantom Images explained..


The research has found that these autopilot systems can be fooled into detecting fake images, projected by drones on the road or surrounding billboards. It has warned that this flaw can prove fatal as attackers could misuse this system flaw to trigger the systems to brake or steer cars into oncoming traffic lanes. Similarly, projecting fake lane lines also leads the Model X to temporarily ignore the road's physical lane lines. The crossover of fake and real lane lines would follow the artificial lane markers into the wrong traffic lane, as the projections were brighter than the real-life markers.

 

“When projecting images on vertical surfaces (as we did in the case with the drone) the projection is very simple and does not require any specific effort. When projecting images on horizontal surfaces (e.g., the man projected on the road), we had to morph the image so it will look straight by the car’s camera since we projected the image from the side of the road. We also brightened the image in order to make it more detectable since a real road does not reflect light so well.”

- Ben Nassi, Researcher, Ben-Gurion University of the Negev



The advanced driving assistance systems (ADAS), which are used by semi-autonomous vehicles to help the vehicle driver while driving or parking are the origins of this issue. ADAS systems are designed to increase driver safety by detecting and reacting to obstacles on the road. However, researchers said that they were able to create “phantom” images purporting to be an obstacle, lane or road sign; use a projector to transmit the phantom within the autopilots’ range of detection; and trick systems into believing that they are legitimate.

 

 


“The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars to validate their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers.”
 


Research Team, Ben-Gurion University of the Negev.
 

 

“The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars to validate their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers.”

- Research Team, Ben-Gurion University of the Negev


The researchers also showed how Tesla Model X can be caused to brake suddenly by projecting a phantom image, perceived as a person, in front of the car.
Mobileye's 630 Pro technology also proved easily confused by projected imagery. Notably, Mobileye's traffic sign recognition system was fooled into relaying incorrect speed limit information to the driver due to its inability to distinguish between projected and physical speed limit signage.
 

READ MORE: Tesla: an underdog to the most powerful business mogul in the us


What does Tesla have to say?


Of course, they were not available to comment.
 

The researchers, though said that they are in touch with both Tesla and Mobileye regarding the issue. Mobileye has said, that the phantom attacks did not stem from an actual vulnerability in the system, researchers revealed. On the other hand, Tesla told the researchers, “We cannot provide any comment on the sort of behavior you would experience after doing manual modifications to the internal configuration – or any other characteristic, or physical part for that matter – of your vehicle.”


The research has responded saying, that they did not influence the behavior that led the car to steer into the lane of oncoming traffic or suddenly put on the brakes after detecting a phantom. They have excluded this demonstration from the research paper, as Tesla’s stop sign recognition system is experimental and is not considered a deployed functionality.


The research team has suggested that configuring ADAS systems so that they take into account objects’ context, reflected light, and surface would help mitigate the issue as it would provide better detection around phantom images.


READ MORE: Tesla's disruptive success in competitive car-making and how it can airlift Boeing



Truth be told..


The research findings are disturbing. On the scale of level 0 (no automation) to level 5 (full automation), these two systems are considered “level 2” automation. It is a clear indication that semi-autonomous autopilot systems still require human intervention.
 

Though the phantom attacks are not security vulnerabilities, researchers have said that they reflect a fundamental flaw of models that detect objects that were not trained to distinguish between real and fake objects.
 

Connected cars have been the target of hackers for a long time. Vehicle-related attacks have stemmed from  keyless entry systems to in-vehicle infotainment systems. This study confirms that autopilot systems and other advanced driver-assist features are here to make the driving experience safer, but do not replace the act of driving or human interference altogether.

Spotlight

Outsourcing to cloud brings a new face to computation. In outsourcing, maintenance cost as well as upgrade cost is low to zero. Outsourcing's features are held back by data privacy concerns. In cloud, privacy of data can be assured by encryption schemes. Common encryption schemes will decrypt the data before processing and re encrypts data after processing, key sharing required. The sensitive data inside the processor are vulnerable to eavesdropping and other attacks. HEROIC Framework (Homomorphically EncRypted One Instruction Computer) a secure architecture for processing data in encrypted form is introduced as a promising solution to the security and privacy concerns.


Other News
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Balbix Announces Cybersecurity Posture Automation Support for Google Cloud Platform

Balbix | November 17, 2022

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of support for Google Cloud Platform (GCP). Security teams can now use Balbix to easily quantify, prioritize and mitigate risks in their Google Cloud environments. With this announcement, Balbix has also extended its Cyber Asset Attack Surface Management (CAASM) solution to support multi-cloud environments that span both GCP and Amazon Web Services. The rapid move to the cloud has made IT environments more complex to manage and secure. As a result, security teams struggle to get a consolidated view of risk. Yet, 63 percent of organizations say they look at security posture in the cloud separately from on-premises, according to Cybersecurity Insiders' 2002 State of Security Posture Report. "Our customers' environments can include over 1 million assets, spread across multiple clouds and their own facilities. Managing an attack surface this large is no longer a human-scale problem. "With Balbix's new support for GCP, our customers can use automation to manage cybersecurity posture across more of their environment." Gaurav Banga, Founder and CEO of Balbix Cyber Security Posture Automation for Google Cloud Platform Balbix now provides support for popular Google Cloud services, including Compute Engine, Cloud Storage, Cloud SQL, Google Kubernetes Engine (GKE) Cluster & Deployments, Cloud Functions, Cloud Key Management Service (KMS), Pub/Sub and Secret Manager. As a result, Balbix customers with Google Cloud environments can use automation and advanced analytics to: Get comprehensive, near real-time visibility of their Google Cloud assets. Combine data from Google Cloud with their other IT and security tools to gain security and business context for their assets. Discover misconfigurations – the most exploited attack vector for the cloud – as well as unpatched software vulnerabilities, weak credentials and trust issues. Measure risk in terms of breach likelihood and business impact in order to prioritize remediation. Calculate and report on cyber risk quantified in dollars (or other currencies) instead of risk scores Cyber Asset Attack Surface Management for Multi-Cloud Environments The addition of support for GCP extends Balbix's CAASM solution to multi-cloud environments. Security practitioners no longer need to use multiple tools or combine data manually from these tools in a custom spreadsheet to understand their security posture. They can see the relationships between assets, applications and users no matter where the assets are in the cloud or on-premises. They can also identify any gaps in coverage for security controls. Balbix provides more than just visibility. Unlike other vendors, Balbix combines CAASM with Risk-Based Vulnerability Management (RBVM) and Cyber Risk Qualification (CRQ) solutions so security teams are able to immediately take action to reduce their cyber risk. They can continuously identify, prioritize and mitigate security issues as they emerge, while quantifying and tracking residual cyber risk in dollars. Daily cybersecurity decisions – operational as well as executive – can be made using a unified and up-to-date view of cyber risk. "By adding support for Google Cloud, Balbix has broadened its risk model to be inclusive of multiple public cloud platforms and allowed organizations to better measure their overall cyber risk," said Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. "Customers can leverage this unified risk model to quantify cyber risk by business unit, geography, site, asset type or business owner – and quickly remediate those risks." The API-based Balbix Connector for Google Cloud Platform collects asset inventory and misconfiguration data and is available now. Visibility into other types of vulnerabilities is provided by optional Balbix sensors. These sensors also catalog the software bill of materials (SBOM) of applications running in GCP. Data collected by Balbix connectors and sensors is automatically deduplicated, correlated and inferenced to provide security teams with an accurate and unified view of risk. About Balbix Balbix enables businesses to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. Our SaaS platform, the Balbix Security Cloud™, ingests data from businesses' security and IT tools so they can understand every aspect of their cybersecurity posture, build a unified cyber risk model and obtain actionable insights for risk reduction. With Balbix, businesses can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Palo Alto Networks 5G-Native Security Now Available on Microsoft Azure Private Multi-Access Edge Compute

Palo Alto Networks | September 26, 2022

Palo Alto Networks, a Microsoft Azure private MEC ecosystem partner, today announced availability of VM-Series Virtual Next-Generation Firewall (NGFW) technology on the Azure Marketplace. Delivering end-to-end Zero Trust security at the enterprise edge, VM-Series virtual firewalls can now extend best-in-class NGFW capabilities to help protect Azure private MEC applications, providing centralized defense against cyberattacks. Azure private MEC combines network functions, applications and edge-optimized Azure services managed from the cloud to deliver high-performance, ultra-low-latency 4G/5G private wireless solutions that address the modern business needs of enterprise customers. "Our long-standing partner solutions with Azure and our VM-Series virtual firewalls have been protecting customer cloud environments for years. "The new VM-Series 5G capabilities enable enterprises to secure mission-critical applications in industry verticals like manufacturing, healthcare, utilities and public sector, all of which demand the latest in private wireless network technology." Prem Iyer, vice president, Ecosystems GSI and CSP, Palo Alto Networks Mobile 5G networks with multi-access edge compute combine AI and cloud technologies to transform enterprises and industries. Customers choose this next-generation mobile technology for its security and reliability, but increasingly sophisticated networks must be safeguarded against a complex and escalating "threatscape." Palo Alto Networks 5G-Native Security on the VM-Series brings advanced Layer 7 security capabilities to help detect and block known exploits, malware, malicious URLs, spyware, and command and control (C2) to 5G-powered edge computing use cases. The VM-Series Next-Generation Firewall enables enterprises to achieve comprehensive security for end-user application traffic that traverses the Azure Private 5G Core, securing edge infrastructure and helping detect and mitigate malicious activity within the user traffic. Key benefits of the solution include: Faster time to market with a fully tested and validated solution. Simpler deployment at scale from the Azure marketplace, facilitating a rapid rollout of NGFWs. Predefined configuration templates for comprehensive zero-day security. The Panorama management solution, integrated with Azure, allows for common management of VM-Series virtual firewalls deployed across all cloud and edge environments from a single console and provides centralized visibility and actionable insights into network traffic, logs and threats. "We're pleased to add Palo Alto Networks 5G security products to Azure Marketplace and our Azure private MEC ecosystem," said Shriraj Gaglani, general manager, Azure for Operators. "This adds an important option for customers when architecting critical end-to-end security frameworks that underpin Industry 4.0 use-cases built on our Azure private MEC solution." About Palo Alto Networks Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

Read More

DATA SECURITY, ENTERPRISE IDENTITY, SOFTWARE SECURITY

SynSaber Adds New Dynamic Pipeline to OT Cybersecurity Platform

SynSaber | October 21, 2022

SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring company, today announced the addition of a new Dynamic Pipeline feature to the company's platform, providing customers with improved scalability and flexibility. Building upon the product launched in February 2022, this update includes a comprehensive set of features and capabilities to collect, analyze, and curate data at the OT edge. SynSaber was purpose-built to bring edge visibility to industrial networks (oil and gas, water and electric utilities, advanced manufacturing) so that organizations can deploy and scale rapidly, integrate with current technology, and detect threats to protect business-critical assets. "SynSaber partners with some of the most important critical infrastructure operators in the nation to protect and provide visibility into how ICS/OT assets are exposed to potential cyber attacks. "With our latest update to the platform, customers are now able to extend visibility and flexibility throughout the organization for cybersecurity to act as a business continuity vehicle and empower operators and asset owners to prevent any operational disruption." Jori VanAntwerp, Co-Founder/CEO of SynSaber Dynamic Pipeline 's Key Benefits: Users can modify data sources, processors, and destinations in real-time, enabling dynamic configuration changes without interruption to visibility. Pipeline configuration can be modified and deployed within SynSaber's visual-based interface. The ability to dynamically configure Saber sensors from a visual-based interface allows for greater control and ease of access. In addition to the improved scalability and flexibility the dynamic pipeline provides, the v1.1.0 update includes enhancements to some of the existing features from SynSaber version v1.0.0. These feature improvements include: Custom flow module enables near real-time processing and analysis of data and asset identification. Improved Syslog support allows fast and efficient communication with existing infrastructure and technologies. About SynSaber SynSaber is the simple, flexible, and scalable industrial asset and network monitoring solution that provides continuous insight into the status, vulnerabilities, and threats across every point in the industrial ecosystem, empowering operators to observe, detect and defend OT/IT systems and protect critical infrastructure. SynSaber is privately held with funding from SYN Ventures, Rally Ventures, and Cyber Mentor Fund.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY

Netpluz strengthens cybersecurity offerings for SME customers across the Asia Pacific

Netpluz | October 12, 2022

Netpluz, a one-stop Managed Communications Service Provider in the region, has teamed up with two leading security platforms, Stellar Cyber and Ridge Security, to provide more comprehensive cybersecurity services for Small and Medium-sized Enterprises (SMEs) across the Asia Pacific. Netpluz eSentinel™ is a cloud-based, all-in-one managed cybersecurity platform that offers comprehensive protection of confidentiality, integrity, and availability of computer systems and networks against cyber-attacks and unauthorized access. The partnerships with Stellar Cyber and Ridge Security will significantly enhance the cyber defence capabilities of eSentinel™ in two main areas, namely Managed SOC (Security Operations Centre) and VAPT (Vulnerability Assessment and Penetration Testing). With the adoption of Stellar Cyber's Open XDR platform and ingestion of data from multiple different sources, eSentinel™ Managed SOC service will offer high-fidelity threat detection and incident correlation through AI, automated threat hunting and response. MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) will also improve tremendously by more than eight and twenty times, respectively. Ridge Security's pioneering product, RidgeBot®, is an intelligent risk-based vulnerability management and automated pentest robot that value-adds to eSentinel™ VAPT service. RidgeBot® acts like human attackers, relentlessly locating exploits and documenting the findings. Unlike humans, RidgeBot® comes armed with dynamic attack strategies to exploit before moving on to the next target. "With digitalization accelerated by the pandemic, adopting technology as part of strategic growth is now at the forefront of many organizational agendas, even for SMEs. In fact, we see SMEs looking at digitalization for business and growth opportunities in the long term – driving stronger demand for managed cybersecurity services. "Responding to this demand, we are thrilled to work with Stellar Cyber and Ridge Security to deliver enterprise-grade and cost-effective managed cybersecurity services to businesses in the Asia Pacific." Mr Lau Leng Fong, Chief Executive Officer of Netpluz Such collaborations extend Netpluz's comprehensive selection of business-focused solutions and align with the company's vision to be the top Managed Communications Service Provider in the Asia Pacific. With the evolving digital landscape, cybersecurity is now an integral part of communication services and an even more significant concern for SMEs. Unlike large enterprises, SMEs are often more vulnerable to cyber-attacks due to the lack of strong technological defences, less awareness of threats, and a shortage of talents and resources to invest in cybersecurity. This is where Netpluz comes in. With an increasing focus on offering managed cybersecurity services, Netpluz has established a high-availability Security Network Operation Centre (SNOC) spanning its regional operations, to provide round-the-clock monitoring, detection and response of its customers' IT devices, systems, and network infrastructure. To further strengthen its cybersecurity capabilities and processes, Netpluz has also attained certifications, including CREST Certification, CSA Cyber Trust mark (Advocate), ISO/IEC: 27001:2013, and MTCS Standard. Netpluz is also a Cybersecurity Service Provider (CSP) licensed by the Cyber Security Agency of Singapore (CSA), enabling the company to provide secure and reliable services to customers in Singapore and across the Asia Pacific region. About Netpluz Netpluz is a transforming Managed Communications Service Provider that helps clients become more agile by simplifying their Information and Communications Technology (ICT) needs. With humble beginnings in 2015 serving business internet connectivity, acquisition of MediaRing business assets and merger of Y5Zone Singapore in 2016, Netpluz has evolved from an Internet Service Provider (ISP) to providing Managed Data, Cloud, Cybersecurity, Voice, Video, and Mobility services to over 2,000 clients over a single, converged network with uncompromising availability, scalability and service standards. Backed by decades of industry expertise, experience and global technology partners, Netpluz managed services are designed and operationalized with cost efficiency to fit business needs. With an unwavering dedication to delivering quality services to its clients, Netpluz aspires to become the top Managed Communications Service Provider in the Asia Pacific. About Stellar Cyber Stellar Cyber's Open XDR platform delivers Everything Detection and Response by ingesting data from all tools, automatically correlating alerts into incidents across the entire attack surface, delivering fewer and higher-fidelity incidents, and responding to threats automatically through AI and machine learning. Its XDR Kill Chain™, fully compatible with the MITRE ATT&CK framework, is designed to characterize every aspect of modern attacks while remaining intuitive to understand. This reduces enterprise risk through early and precise identification and remediation of all attack activities while slashing costs, retaining investments in existing tools and accelerating analyst productivity. The company is based in Silicon Valley. About Ridge Security Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems. The management team has years of networking and security experience. Ridge Security's robotic security validation system RidgeBot, fully automates the penetration testing process and emulates adversary attacks to validate an organization's cybersecurity posture.

Read More

Spotlight

Outsourcing to cloud brings a new face to computation. In outsourcing, maintenance cost as well as upgrade cost is low to zero. Outsourcing's features are held back by data privacy concerns. In cloud, privacy of data can be assured by encryption schemes. Common encryption schemes will decrypt the data before processing and re encrypts data after processing, key sharing required. The sensitive data inside the processor are vulnerable to eavesdropping and other attacks. HEROIC Framework (Homomorphically EncRypted One Instruction Computer) a secure architecture for processing data in encrypted form is introduced as a promising solution to the security and privacy concerns.

Resources