Tesla hackers exploit voltage glitching for feature unlocking.
【Summary】German PhD students from Technische Universität Berlin demonstrated at Black Hat how they were able to bypass the purchase requirement to activate heated rear seats in a Tesla Model 3. They used voltage glitching by soldering wires to the infotainment and connectivity ECU to fool the system into thinking it was being booted securely, gaining root access to the device and unlocking the heated seats.
A group of German PhD students from Technische Universität Berlin demonstrated at Black Hat how they were able to bypass the purchase requirement to activate heated rear seats in a Tesla Model 3. Rather than approaching the problem as outsiders trying to gain control of the vehicle, the researchers approached it as someone with physical access to the vehicle trying to make modifications. Their first attempt to modify the firmware in the Tesla's computer was unsuccessful due to the secure boot process.
Previous versions of Tesla computers had vulnerabilities that were later fixed through firmware updates. The researchers found that Tesla computers now have a boot chain of trust, firmware and OS signing, and a root of trust in their AMD SoCs, making it difficult for them to gain access. They then used a voltage glitch to fool the system into thinking it was being booted securely, allowing them to gain root access and unlock the heated seats. They were also able to exfiltrate information about the car and user data stored in the Tesla computer.
When the researchers contacted Tesla to share their exploit, Tesla's first question was whether it was persistent. Since the exploit was not persistent, Tesla did not respond further. Achieving persistence would require soldering a mod chip to the board itself, which would void the warranty. The researchers have not had a chance to try the exploit in an actual Tesla yet, but they believe it will work based on tests conducted by an independent security researcher.
The researchers have not tried duplicating the exploit in other vehicles with software-locked features, but they speculate that other manufacturers may not have the same level of protection as Tesla. Tesla has invested in defending against software attacks and has attracted hackers in the past. However, the researchers point out that Tesla's reliance on voltage-vulnerable AMD chips raises questions about supply chain security. It is suggested that software modifications could be made to detect voltage modulation and prevent insecure boots.
Unfortunately, Tesla has not answered questions regarding the exploit and whether they will release a patch to address the issue.
-
Electric Nissan Juke: A Sneak Peek at the Future
-
Electric cars set to become more affordable
-
Major creditor in talks to acquire Volta Trucks
-
Chinese EV maker's valuation close to Tesla
-
EVs' Limited Success in the U.S., Excluding Teslas
-
Toyota's Dedication to Quality Shines in Century Bolt Tightening Process
-
Tragic Accident: Bentley's Speed Questioned in Niagara Falls Deaths
-
Accelerating Car Development with Mazda-backed AI Firm
- Creditor in talks to acquire Volta Trucks
- Chinese EV maker's valuation close to Tesla
- EV charging to be prioritized in planning system
- Electric hot hatch at a lower cost
- Electric Nissan Juke: A Sneak Peek at the Future
- Dacia closes website for Black Friday
- Married At First Sight's Peggy Rose £100k car stolen
- Land Rover Recalls Defender 130 TReK Over Brake Caliper Detachment
- Brexit Britain's Surprise Victory: Nissan's £2billion Investment
- Hyundai's plans for a new manufacturing facility in India