‘Small stickers’ were enough to trick a Tesla’s autopilot to drive into the wrong lane

By placing three stickers over road markings, researchers caused the Tesla to move to the wrong side of the road.

A security vulnerability in Tesla firmware made it possible for outsiders to take remote control over a vehicle’s steering and push it into an opposite lane, according to recent research from Tencent’s Keen Security Lab.

The computer experts discovered that, by placing “small stickers” on a roadway, they could fool the autopilot on a Tesla Model S 75 into following a path the driver did not intend. The technique exploited the car’s autopilot protocol, which quickly collects data about a vehicle’s surroundings based on radar signals, cameras and other sensors. By placing stickers over road markings, the Keen team caused the Tesla to move to the wrong side of the road.

Researchers also proved it was possible to activate the windshield wipers by using a camera to trick the Tesla’s artificial intelligence into believing there was moisture on the surface.

Tesla fixed the “primary” flaw with a series of security patches issued in 2017 and 2018, “both of which we released before this group reported this research to us,” a company spokesperson said in an email to CyberScoop.


“The rest of the findings are all based on scenarios in which the physical environment around the vehicle is artificially altered to make the automatic windshield wipers or Autopilot system behave differently, which is not a realistic concern given that a driver can easily override Autopilot at any time by using the steering wheel or brakes and should always be prepared to do so, and manually operate the windshield wiper settings at all times,” the statement said.

While Tesla advises its drivers to keep alert behind the wheel, recent incidents have demonstrated that’s not always the case. California police arrested a Tesla driver last year for allegedly falling asleep while driving intoxicated. In another case, the National Transportation Safety Board determined “the lack of sufficient system controls” in a Tesla Model S was partially to blame for an accident that resulted in the death of a driver.

Last month, two researchers were awarded $35,000 for proving they could hack a Tesla’s onboard internet browser, as CyberScoop reported.

Keen Security Lab is known for its research into connected vehicles. Practitioners have uncovered flaws in BMW cars, as well as vulnerabilities in products made by tech companies including Microsoft and VMware.

Keen is a part of Tencent Holdings, a multinational Chinese conglomerate with subsidiaries in areas including entertainment, technology and video games. Tencent also is building its own autonomous driving team, according to job listings posted late last year on LinkedIn, Reuters reported.


A video demonstrating the just-published research is available below.

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.
