A group of hackers have exposed an exploit that can unlock Tesla’s software-locked features worth up to $15,000.
Free heated seats and Full Self-Driving package, anyone?
Software-locked features that need to be activated by the owner paying or subscribing to a service are becoming increasingly popular in the auto industry.
Tesla has been on board that trend very early since it produced virtually all its vehicles with the same hardware and owners can unlock features later through software updates.
This includes features like heated seats, acceleration boost, and even Tesla’s Full Self-Driving package, which costs $15,000.
It creates a market for people trying to get around the software lock.
A group of security researchers (aka hackers) at TU Berlin announced that they managed to exploit a weakness in the onboard computer to unlock these features:
Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities. More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying.
They plan to unveil the result of their exploit in a presentation called “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater” next week.
The hack requires physical access to the car, and it involves a “voltage fault injection attack” on the AMD-based infotainment system:
For this, we are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system. First, we present how we used low-cost, off-the-self hardware to mount the glitching attack to subvert the ASP’s early boot code. We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distribution.
The group of hackers claims that their “Tesla Jailbreak” is “unpatchable” and allows to run “arbitrary software on the infotainment.”
They add:
Second, it will enable us to extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla’s internal service network.
Ultimately, the hackers believe that they can unlock virtually all software-locked features inside Tesla vehicles even Full Self-Driving – though they believe that it would require some more reverse-engineering.
Electrek’s Take
Generally, these exploits are shared with Tesla, and it helps the automaker secure its systems.
In this case, the hackers said that despite the exploit, they believe Tesla’s security is better than other automakers.
We have seen Tesla put a lot more emphasis on cyber security over the last few years. We highlighted the effort in our report: The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy.
FTC: We use income earning auto affiliate links. More.