Researchers jailbreak Tesla using unpatchable AMD hardware flaw for free feature upgrades

Daniel Sims

A hot potato: Some features in Tesla vehicles are locked behind paywalls, similar to in-app purchases for smartphone software. As these extra functions are restricted by computer hardware and software rather than core mechanical components, hackers can theoretically unlock them for free, a process that researchers will explain next week.

Researchers from Technische Universität Berlin claim to have jailbroken Tesla vehicles, allowing them to freely access features normally locked behind in-car purchases. They plan to present their detailed findings on August 9 at the 2023 Black Hat USA conference.

According to a preliminary description, the hack unlocked additional connectivity functionality, faster acceleration, and rear heated seats. The researchers also successfully ran arbitrary software on the car's Linux-based infotainment system, opening up the potential for homebrew Tesla apps.

A potentially more impactful result of the jailbreak is that it could enable hackers to access the hardware-protected keys Tesla uses to authenticate each vehicle. Furthermore, attackers can decrypt a vehicle's internal storage, giving them access to personal user data.

Using this method, anyone with physical access to a Tesla could take control of the vehicle and access all of the data on it. Conversely, it could enable Tesla owners to gain control of the car's software and information from the company, potentially transferring its identity to a new model without any involvement from Tesla. The hack could also make repairs easier, raising potential right-to-repair concerns. Fortunately, the hack cannot be performed remotely, so the most likely users would be the vehicle's rightful owners.

Moreover, the jailbreak is possible due to an unpatchable flaw in each Tesla's AMD processor. The researchers used cheap, off-the-shelf parts to manipulate the power flow to the system in what's called a voltage fault injection attack. They then disrupted and reverse-engineered the initial boot-up code to gain root privileges.

The researchers published a study in April, where they used the same attack to sidestep AMD's firmware TPM in PCs, potentially neutralizing BitLocker. This process removes an important security feature and could render Windows 11's most controversial system requirement moot.

TPM is the sole reason Microsoft only officially supports its latest operating system on relatively recent CPUs. Voltage fault injection was also proven to successfully undermine hardware-based security on AMD server CPUs in 2021 and Intel's Software Guard Extensions in 2020.


 
Using this method, anyone with physical access to a Tesla could take control of the vehicle
Physical access as in walking by it in a parking lot, or is the process involved enough / suspicious enough so that you basically already need to own the car?
 
Physical access as in walking by it in a parking lot, or is the process involved enough / suspicious enough so that you basically already need to own the car?
Well they said not remotely so I assume you must be inside the car with wires hooked up to the infotainment or OBD
 
In the last sentence the author admits that this method works on Intel CPUs too, yet decides to address it through the article as "unpatchable AMD hardware flaw" rather than "modern CPUs unpatchable hardware flaw" or "Tesla's unpatchable hardware flaw".
Interesting...
Just biased, or maybe hold some Intel stocks? ;-)
 
My father sold cars for over 33 years. If you wanted a feature, you ORDERED it and PAID for it ONCE.
But today, everything is shifting to unlimited "subscriptions" you pay until you stop using your car, computer etc.
We are moving to a world where everything is too expensive to "own" but, if you "subscribe" (rent) it forever
and you will LIKE it!
If I purchase something, other than a warranty, it should be mine to do with as I please. But with "software" it isn't.
 
My father sold cars for over 33 years. If you wanted a feature, you ORDERED it and PAID for it ONCE.
But today, everything is shifting to unlimited "subscriptions"

Look at Mercedes. On Tesla, besides "full internet", everything else is bought "for life" (at least, I'm not remembering anything that has a subscription).

Laws can mandate that hardware things cannot be subscription-based, if politicians make nothing about it, then we lose.
 
Look at Mercedes. On Tesla, besides "full internet", everything else is bought "for life" (at least, I'm not remembering anything that has a subscription).

Laws can mandate that hardware things cannot be subscription-based, if politicians make nothing about it, then we lose.
I mean, it should be the consumers to vote with their wallets against these things. Companies wouldn't try these things if they were actually afraid of their customers.....
 
My father sold cars for over 33 years. If you wanted a feature, you ORDERED it and PAID for it ONCE.
But today, everything is shifting to unlimited "subscriptions" you pay until you stop using your car, computer etc.
We are moving to a world where everything is too expensive to "own" but, if you "subscribe" (rent) it forever
and you will LIKE it!
If I purchase something, other than a warranty, it should be mine to do with as I please. But with "software" it isn't.


It's already happening in almost any sector you can think of. Do you think you own the movies in Netflix? Do you think you own any of the games in Steam? Do you own a physical copy of your Windows installation?

There's advantages but obviously disadvantages to a model like that. With subscription one client can opt for the most basic version of a Tesla and the other can opt for a few features added or even have it all. Instead of having to drive to the dealership to build those features in, with a simple remote "unlock" you can do it.

 
My father sold cars for over 33 years. If you wanted a feature, you ORDERED it and PAID for it ONCE.
But today, everything is shifting to unlimited "subscriptions" you pay until you stop using your car, computer etc.
We are moving to a world where everything is too expensive to "own" but, if you "subscribe" (rent) it forever
and you will LIKE it!
If I purchase something, other than a warranty, it should be mine to do with as I please. But with "software" it isn't.

The problem with that way of doing things is the next user isn't going to pay what you think your vehicle is worth if they don't want the features you paid for as long as you owned the vehicle. I.e. you paid for heated seats, I'm going to the Southern US to live and won't need them, not paying you for what I don't need. Or my mom will be driving the vehicle and she doesn't need warp speed acceleration, sorry not paying you for that either. In short the car you paid extra for is now worth nothing more than the base model.
 
It's already happening in almost any sector you can think of. Do you think you own the movies in Netflix? Do you think you own any of the games in Steam? Do you own a physical copy of your Windows installation?

There's advantages but obviously disadvantages to a model like that. With subscription one client can opt for the most basic version of a Tesla and the other can opt for a few features added or even have it all. Instead of having to drive to the dealership to build those features in, with a simple remote "unlock" you can do it.

I do own physical copies of everything on my PC because I make clones of the hard drive once a month. Now, is it easy to get program A or program B out of that clone? No, it is not, but I can always put that image on a new drive and be right back where I was before.
 
Well, I don't normally agree with such activity but in the case of Tesla I'll make a BIG exception. Musk has been raping his customers long enough, it's about time he got a taste of his own ......
 
But today, everything is shifting to unlimited "subscriptions" you pay until you stop using your car, computer etc.

Yes, and it's worse than that: The extensive use of software in cars makes it much more difficult to diagnose and repair them without the right tools which can be expensive computer-based devices. The advent of the 'shade tree mechanic' is fading away.
 
Unless you are prepared to isolate your Tesla from the internet or at least Tesla itself and never get your car serviced, or at least meticulously restore all settings to what you've paid for before any software update or service, I'd say you're likely to get caught out on that one. I'm sure Tesla has a good database on who's paid for what, e.g. in my case I have lifetime supercharging, and obviously some form of communication takes place to let the various systems know not to bill me. They say pretty much any pedal you press gets reported back. What action they take depends, but I think everyone signs an agreement they won't modify or reverse-engineer the code. I can just see people's faces when they get a text saying 'I hear you've been a naughty boy, Clement, so we're going to put your car in Valet mode for 6 months, which will hopefully be long enough for you to see the error of your ways'.
 
It's not really a matter of if you can as the internet will always find a way, it's a matter of making the bar of entry high enough that most folks don't want or care to jailbreak a system. Anyone can sail out to deeper waters and pirate software or media but most folks just can't be bothered in the day and age of nearly constant sales on Steam and $5 CAD movie rentals on YouTube. I'm not for the unlocking of features via subscription in cars as that could get really messy, but viewed as a model where the cost of the base model hardware is subsidized by the 10% of customers paying 25-30% more for the top trim level it isn't any different than how the car industry has always been. The difference now is that you can decide later that maybe I really do want to pony up for the cooled seats and it's a few clicks away rather than a trip to Rock Auto to find the physical seats with the cooling fans in them, shipping them, bolting them in and then screwing around with an Autec tablet for half a day trying to reprogram the vehicle's modules to recognize the new seats. Not to mention any vehicle older than about 5 years this would also involve swapping out physical button blanks on the dash or center console for actual switches and then connecting those to the wiring harness.

I've cut spliced and hot-rodded a hell of a lot of cars and bikes over the years and I'd much rather just upgrade my subscription if it's related to my daily driver rather than go through any wrenching at all on a machine that solely serves to tow my butt to work.
 
The problem with that way of doing things is the next user isn't going to pay what you think your vehicle is worth if they don't want the features you paid for as long as you owned the vehicle. I.e. you paid for heated seats, I'm going to the Southern US to live and won't need them, not paying you for what I don't need. Or my mom will be driving the vehicle and she doesn't need warp speed acceleration, sorry not paying you for that either. In short the car you paid extra for is now worth nothing more than the base model.

The exact same would be true with your examples as hardware features.
 