Many Tesla vehicles are equipped with cameras that read speed limit signs to help the cars' automated cruise control set an appropriate speed. But physical alterations to the signs can trick the camera into thinking the speed limit is higher than it actually is, researchers from the cybersecurity firm McAfee said in a Wednesday report.
Researchers slapped a roughly 2-inch piece of black electrical tape on a 35-mph (56 km/) sign to make the "3" look more like an "8." That caused the Mobileye camera on two 2016 Tesla models to incorrectly read the speed limit as 85 mph (137 km/h), researchers said.
"Even to a trained eye, this hardly looks suspicious or malicious, and many who saw it didn't realize the sign had been altered at all," McAfee researchers Steve Povolny and Shivangee Trivedi wrote. "This tiny piece of sticker was all it took to make the Mobileye camera's top prediction for the sign to be 85 MPH."
Video from one of the researchers' demonstrations shows a Tesla Model S accelerating well beyond the 35-mph limit after passing a doctored sign. The driver slowed the car down after it passed the 50-mph mark for safety purposes.
Researchers say Tesla's newest models don't use cameras from Mobileye, a driver-assistance technology company owned by Intel. And a newer Mobileye camera available in later Tesla vehicles did not appear vulnerable to the sign glitch, according to Povolny and Trivedi. But the problematic camera still makes up a "sizeable installation base" among Tesla cars, they wrote.
The McAfee researchers said both companies indicated interest in their findings last fall but did not disclose plans to fix the problem on their existing platform.
Tesla did not immediately respond to a request for comment on the research. But a Mobileye spokesperson said the company doesn't consider the alterations to the speed limit signs an "adversarial attack" because they can also confuse human observers.
"Autonomous vehicle technology will not rely on sensing alone, but will also be supported by various other technologies and data, such as crowdsourced mapping, to ensure the reliability of the information received from the camera sensor and offer more robust redundancies and safety," the spokesperson said in a statement.
McAfee's sign trick came out of an 18-month project in which researchers tried to replicate other studies of how machine learning systems used in autonomous cars could be attacked. They also used special colored stickers to trick a camera into reading a 35-mph speed limit as 45 mph.
While such research is still "highly academic," Povolny and Trivedi wrote, "it represents some of the most important work we as an industry can focus on to get ahead of the problem."