On Wednesday of this week, an Israeli firm called Regulus Cyber issued a press release stating that "spoofing attacks on the Tesla GNSS (GPS) receiver could easily be carried out wirelessly and remotely." In the firm's demonstration attack on a Model 3, "the car reacted as if the exit was just 500 feet away—abruptly slowing down, activating the right turn signal, and making a sharp turn off the main road," according to Regulus. "The driver immediately took manual control but couldn't stop the car from leaving the road."
Tesla's official response could best be described as "brusque."
"These marketing claims are simply a for-profit company's attempt to use Tesla's name to mislead the public into thinking there is a problem that would require the purchase of this company's product. That is simply not the case. Safety is our top priority and we do not have any safety concerns related to these claims."Tesla official spokesperson
So, a company most of us haven't heard of tells us that it's demonstrated disturbing vulnerabilities in Tesla. Tesla, in effect, says said company is just looking for a buck and there's no problem, but it doesn't really provide any details. Where does the truth lie? That question necessitates a look at the merits of this specific Regulus-vs-Tesla claim—and then a broader glance into the history, technology, and possibilities of GNSS spoofing itself.
A closer look at the Regulus demo
If you read the opening paragraph of this article and thought that evil hackers took remote control of a car and made it go violently off-road, no strings attached, don't feel bad—you were almost certainly meant to. But the reality is much different. The first, most obvious objection is that Regulus physically affixed an antenna to the roof of the Model 3 and wired it into its systems before the demonstration. That isn't really the smoking gun it appears to be; it would've been possible to get the same effect with no antenna or wires, it just would have been extremely irresponsible (and most likely illegal).
We'll get into some of the hairy technical details later, but GNSS spoofing is typically a broadcast attack which can be expected to affect a large area. Putting an antenna on the roof of the Model 3 allowed Regulus to use far less power than would otherwise be required, and therefore the firm could be far less worried about accidentally impacting other, unrelated GPS devices nearby. That said, I don't mind giving them a pass on this one; presumably real bad guys would have fewer constraints and thereby wouldn't need to bother with the physical antenna and wiring in order to attack someone's car. The real problem is a little less obvious, and you're unlikely to spot it unless you find Regulus Cyber's actual blog post on the experiment—which is much more detailed, and conspicuously not linked directly from the press release.