From Virtual Touch to Tesla Command: Unlocking Unauthenticated Control Chains From Smart Glasses for Vehicle Takeover

Xingli Zhang, Yazhou Tu, Yan Long, Liqun Shan, Mohamed A Elsaadani, Kevin Fu

IEEE Symposium on Security and Privacy 2024 · Day 2 · Continental Ballroom 4

This talk, presented by Xingli Zhang and collaborators at IEEE S&P, unveils a novel and concerning attack vector that allows an attacker to manipulate a Tesla vehicle without the owner's interaction or authentication, starting from a seemingly innocuous pair of smart glasses. The research demonstrates how a chain of vulnerabilities, spanning physical hardware, software automation tools, and integrated APIs, can be exploited to achieve unauthorized control over a connected vehicle. This work is significant because it highlights the often-overlooked security implications of increasingly interconnected consumer electronics and the transitive trust relationships that form between them.

AI review

This research uncovers a novel, low-cost, and alarmingly effective unauthenticated attack chain leveraging EMI on smart glasses to activate voice assistants, bypass locked smartphone authentication via automation tools, and ultimately control a Tesla vehicle. The end-to-end demonstration and detailed technical deep dive expose critical transitive trust vulnerabilities in modern smart ecosystems. This is a must-see for anyone serious about the real-world security implications of IoT.
