Modifying a Tesla to Become a Surveillance Platform

From DefCon:

At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras­—the same dash and rearview cameras providing a 360-degree view used for Tesla’s Autopilot and Sentry features­—into a system that spots, tracks, and stores license plates and faces over time. The tool uses open source image recognition software to automatically put an alert on the Tesla’s display and the user’s phone if it repeatedly sees the same license plate. When the car is parked, it can track nearby faces to see which ones repeatedly appear. Kain says the intent is to offer a warning that someone might be preparing to steal the car, tamper with it, or break into the driver’s nearby home.

Tags: , , ,

Posted on August 22, 2019 at 5:21 AM20 Comments

Comments

Clive Robinson August 22, 2019 6:24 AM

@ Bruce,

I don’t think,

    Kain says the intent is to offer a warning that someone might be preparing to steal the car, tamper with it, or break into the driver’s nearby home.

That will end up being the real use, a couple spring to mind.

Firstly and most obviously and an aspect that should also be mentioned is it is going to be a usefull tool in the “anti-stalker” armoury. So a “celeb-market” is already waiting for it.

As for a second market, let’s put it this way, potentially this is one of the strongest “anti-surveillance” devices in years.

So if you think you may be a “person of interest” for some reason (ie career criminal) then using this will put a real spanner in the works for the general method used by LEO’s etc to perform surveillance in teams…

So I can see quite a few people with lots of money likewise taking an interest in it. So the second would be the “SOC-market”.

The flip side of this is of course LEO’s will start screaming about “going dark” or similar about the technology… And making ludicrous demands to have every street if not front door have 24×365.25 recording they have access to (that will “Ring” Amazon’s door / cash register nicely).

But more importantly this will make “Close Protection” work more effective. Whist CP operatives can usually spot those watching the VIP they tend not to be able to see “Those who are watching the watchers” ie them. Which is problematical, because those that do that tend to be quite specialized and have other skills and resources most stalkers / kidnappers / terrorists do not have. Thus they are not the sort of people CP Operatives can easily deal with.

Humdee August 22, 2019 9:26 AM

“As for a second market, let’s put it this way, potentially this is one of the strongest “anti-surveillance” devices in years.”

This was my thought too. The idea that this is an anti-theft device is hilarious as it would show a complete ignorance of how thieves actually work. The people whose faces keep appearing is likely to be the dog, the spouse, or yep the police. It isn’t going to be a thief.

Auntie surveillance August 22, 2019 9:38 AM

Is an anti-surveillance surveillance system a surveillance system, or an anti-surveillance system? Because if it’s both, then it’s another surveillance system. Not sure who’s winning here.

parbarbarian August 22, 2019 9:58 AM

That is all very interesting and I can see some law enforcement use for it but preventing theft? The market for stolen Teslas is ridiculously small. One or two a year — way below the rate for powerful cars and pickup trucks. The Teslsa are not nearly popular enough for the midnight auto supply market and will usually be parked in a garage or well-surveilled parking lot because that is where the chargers are.

dragonfrog August 22, 2019 11:30 AM

“…someone might be preparing to steal the car, tamper with it, or break into the driver’s nearby home.”

Riiiight. Or, accounting for the other 99.99999% of faces and license plates flagged as “suspicious” by this tech, they live nearby / tend to go past the house on their evening walk / have nearly the same commute / often visit a nearby family member / get their hair cut at the home-based barber shop down the block / etc.

This will put a needle-less haystack of false positives in front of Tesla owners, so they can get alarmed about the ones that align to their existing prejudices based on race, age, style of dress, type of vehicle, or whatever their personal hangups are.

Sed Contra August 22, 2019 11:41 AM

After all, the trend in distributed monitoring sensor systems is towards local processing, to avoid heavy burdens on the central HPC facility.

VinnyG August 22, 2019 2:12 PM

And, of course, the data that results from these observations and from the connections made by the recognition software will remain with the vehicle’s owner,and not be shared in any way with Tesla or any of Tesla’s partners who might have a interest in purchasing it, right? This is enough to make one wonder if Tesla battery fires shouldn’t be viewed as positive events.

@Auntie surveillance re: difficulty identifying winners – Unfortunately, the converse does not appear to be true…

Rachel August 23, 2019 12:00 AM

It’s disappointing to see things like this, providing Tesla richly non-deserved positive attention.

This is all making the assumption the Tesla technology works as it claims, consistently, reliably. The evidence we have contrary to this assumption is extremely long. And thats just whats made it public!

Why worry about someone ‘tampering’ with your Tesla? Teslas done a good enough job of that themselves.

There is also the very real risk of the company going bankrupt in the not too distant future, thus end of lifing that premium priced technology.

https://wolfstreet.com/2019/05/28/how-a-low-share-price-would-be-fatal-for-tesla-and-why-musk-has-to-pump-it-up-come-hell-or-high-water/

There are just too many reasons NOT to buy one of these so called ‘cars’, nothing at all to do with this Defcon talk

random internet user August 23, 2019 12:01 AM

I was wondering when something utilizing automatic license plate recognition would come out in the civilian world (or at least more proof of concepts).

Open ALPR has been around for a bit now and has been successfully used by tech hobbyists where I live to try to emulate something akin to what police now install in their patrol cars to identify registration anomalies, (although civilians do not have access to the police API/database of course for registration checks etc).

It shows promise as a vehicular counter-surveillance tool (not so much for the people on foot you drive by). Open ALPR even advertise this as a higher grade service on their website to Gov/Private Security firms.

The article hints that the team used similar software:

https://github.com/sergiomsilva/alpr-unconstrained

Note: I’m not affiliated with either software project. I was looking into a hobby project which used it on an Raspberry Pi similar to the way alpr-unconstrained takes, stores and analyses images, but it was difficult to implement on a budget with little to no benefit apart from the learning experience.

Random Internet User August 23, 2019 1:01 AM

I should add to my comment above that false positives are inevitable and you kind of have to run with them and use your judgment when they appear (or your training if you’re some sort of secret agent person doing your surveillance detection run/route before doing James Bond stuff).

So it acts more as an aid rather than a foolproof system.

I think it is best used over different routes and times (and even multiple days) to determine if something is up.

Other problems are “blind spots”, such as car parks and slow traffic/traffic jams which would show lots of false positives (as that car behind you in slow traffic will still be there 5 minutes later) which could be resolved by displaying to the user when the cars around you were last seen if the detection system relies on image timestamps (which they most likely do), and where if you add a GPS component with a map overlay, as well as your best judgment.

Understanding your adversary and their potential resources would also be useful for this sort of system. For Gov/Law enforcement, they could blacklist plates they are looking for making things much easier (whitelisting anything would be a bad idea by the way). If you are up against Gov/Law enforcement, you may want to reconsider your area of employment/life choices.

So again, it came across to me as more of an aid when I was researching it.

David August 23, 2019 1:44 AM

Random Internet User

I’ve read of devices implementing IR LED’s attached to number plates that confuse traffic cameras license plate readers.

Australia has more sophisticated cameras designed to bypass the use of reflecting paints and similar obfuscation. They take a standard photo plus high definition imaging – unsure the correct technical phrase sorry.

One more sophisticated LED device, when attached to licence plate, actually detects when the photo is taken and uses that opportune moment to send an LED pulse across the plate, defeating the high tech cameras.
There is a website for it, US I recall

And this diffusion cover

https://www.photoblocker.com/photoshield-cover-australia.html

This may be the LED device I was thinking of

https://www.digitaltrends.com/cars/nophoto-license-plate-frame-foils-red-light-and-speed-cameras/

Random Internet User August 23, 2019 2:32 AM

@ David,

Yeah, I’m from AUS and remember hearing about reflective countermeasures for plates as a kid (from other kids at school who said their parents used them), I think it was hairspray or some sort of coating used in furniture, this was ages ago and I never found out if it was true or not.

Regarding the IR thing, I was wondering if that was possible while driving by a red light camera not long ago, it was around the same time I was trying out the Raspberry Pi thing so it was on my mind.

Also, all I know about those red light cameras is that they take a photo and then begin to record video after they are triggered so people can determine if they want to dispute a fine. I’m quite sure that anyone who tries to evade them would get in serious trouble if they were caught using any form of countermeasure like those plate things (I doubt they work and I wouldn’t risk it, I try to drive safe anyway).

For a less sophisticated camera system like the common off the shelf ones attached to an ALPR setup, they might work, it would be interesting to test them out. If they work against a decent mobile phone camera with IR capabilities and optical zoom capabilities then they should work against this sort of ALPR setup.

Random Internet User August 23, 2019 3:49 AM

@ David,

Also, I just wanted to ask, if you are from AUS too, do you know of any good tech communities who are interested in this sort of thing who have workshops or talks (or even an irc chan for that matter)?

I’m finding it very difficult to establish social connections here in AUS compared to people in the US within their tech community. I was kinda told to try my hardest to do this by a person working Threat Research/Intel at a major teclo here in AUS. All I could find were a couple of conferences per year all over the east coast, which came across as hostile to walk-ins at first glance.

Anyway, I’ll leave an email addy in the header of this post if anyone else does.

Vince August 24, 2019 2:52 AM

This may be a great proof of concept but terrible for your tesla’s battery life, which is expensive to replace. It is virtually impossible to steal a tesla without getting caught they are connected vehicles that require software updates periodically from the mothership. This sounds more like a novelty item for geekstuff lovers with very little real life benefits.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.