According to new research, self-driving cars could be hijacked by external forces capable of modifying the artificial intelligence (AI) systems that drive the vehicles. A McAfee report indicates that a vehicle's artificial intelligence system can be tampered with, which could have an impact on the future and safety of autonomous vehicles. This process, which McAfee calls "model hacking," is capable of completely replacing vehicle software systems available for purchase today, including Tesla models.
model piracy
McAfee's Advanced Threat Research (ATR) and Advanced Analytics teams were able to use "minor modifications" to create a targeted attack on the black box of the Mobileye EyeQ3 camera system found in many modern vehicles, including some Tesla models. This attack allowed investigators to manipulate artificial intelligence technology in a Tesla Model S 1 implementation hardware package to mistakenly classify a speed limit sign reading 35, speeding it up to 85 mph. Hacking models works by attacking the algorithms that go into defining the rules of an AI system, such as the one found in autonomous vehicles. By negatively influencing or "poisoning" the training set used to create these AI models, hackers can affect nearly every aspect of how a software platform recognizes and interacts with the world that l & # 39; surrounds. "Simply by interrupting, changing the width of some features (such as image pixels), zeroing in, or removing some features, an attacker can wreak havoc on security operations with disastrous effect," said Steve McAfee, a McAfee researcher. Povolny and Celeste Fralick blogged describing the attack. McAfee says that while there is still no documented report of model hacking in the wild, interest in the field is increasing, meaning hackers may have their own interests stung soon. And with the number of vehicles with self-driving capabilities expected to reach nearly 750,000 by 2023 according to Gartner research, the need to detect these new threats before they evolve is paramount. "The good news is that, just like classic software vulnerabilities, it is possible to defend against model hacking, and the industry takes this rare opportunity to deal with the threat before it becomes a useful reality for the opponent," they noted. the researchers.