RuhrSec 2025 | Glitching AP4: A Technical Deep Dive Into Tesla’s Autopilot Computer

RuhrSec is the annual English speaking IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit. 🔽 More information … ——— Talk // Glitching AP4: A Technical Deep Dive Into Tesla’s Autopilot Computer Abstract // Tesla has become known not only for its electric vehicles but also for its advanced computer platform, featuring an infotainment system, remote services, and the prominent Autopilot driving assistant. While Autopilot’s platform security protects its code, machine learning models, and data from competitors, it also hinders third parties from accessing crucial user data, such as camera and sensor recordings, which could aid in e.g. crash investigations. In this presentation, we demonstrate how we rooted Tesla Autopilot HW4 using voltage glitching, enabling the extraction of arbitrary code and user data. We will dive deeper into Autopilot’s security architecture, exploring the flash filesystem, full disk encryption, and model weight encryption. Additionally, we will compare this attack with the previously published attack on Autopilot HW3. ——— Biography // Niclas Kühnapfel is a Ph.D. candidate at TU Berlin’s Chair for Security in Telecommunications (SecT). His research spans hardware, embedded, and platform security. He studied Computer and Communication Systems Engineering (B.Sc., TU Braunschweig) and Computer Engineering (M.Sc., TU Berlin). Niclas has presented on covert channels (ACSAC) and fault injection attacks on AMD-ASP (IEEE PAINE). Recently, he published voltage glitching attacks on Tesla’s infotainment system (Black Hat) and Autopilot HW3 (37C3). Speaker // Niclas Kühnapfel ➡️ Slides - Download https://www.ruhrsec.de/downloads/slid... ——— 🚀 Subscribe to Our Channel:    / @hackmanit-it-security   👉 Read More About Interesting It Security Topics on Our Blog: https://hackmanit.de/en/blog-en ✍️ Want a Deeper Dive Training courses in Single Sign-On (OAuth, OpenID Connect, and SAML), Secure Web Development, TLS, and Web Services are available here: https://hackmanit.de/en/training/port... ——— 🌍 RuhrSec Conference Website: https://www.ruhrsec.de 🌍 Visit Our Website - Hackmanit: https://hackmanit.de/en ✖️ Follow RuhrSec on X:   / ruhrsec   ✖️ Follow Hackmanit on X:   / hackmanit   ✔ Follow RuhrSec on Linkedin:   / ruhrsec   ✔ Follow Hackmanit on Linkedin:   / hackmanit   Follow Hackmanit on XING: https://www.xing.com/pages/hackmanitgmbh ——— Thanks for your attention and support. Stay secure. 🫶 #AP4 #autopilot #HW4 #tesla #hacking #RuhrSec #itsecurity #itsicherheit #cybersecurity #cybersicherheit