Tesla hackers exploit voltage glitching to access features

author: FutureCar Staff    

A group of German PhD students from Technische Universität Berlin demonstrated at Black Hat how they were able to unlock paywalled features in a Tesla Model 3. Instead of approaching the problem as outsiders trying to gain control of the vehicle, the researchers approached it as someone who already had physical access and wanted to make modifications. Their first attempt to modify the firmware was unsuccessful due to the secure boot process, which is a new development in Tesla's computers. Previous versions of Tesla computers had vulnerabilities that were fixed through firmware updates. The researchers eventually found a way to gain root access to the device and unlock the heated seats by causing a voltage glitch. They were also able to exfiltrate information stored in the Tesla computer, such as location history and Wi-Fi passwords.

When the researchers contacted Tesla to share their exploit, Tesla's first concern was whether it was persistent. Since it wasn't, Tesla has not responded to the researchers. Achieving persistence would require soldering a mod chip to the board itself, which would void the warranty. The team hasn't had a chance to try their exploit in an actual Tesla yet, but they believe it would work based on the experience of an independent security researcher who worked on the project. The team has not yet attempted to duplicate the exploit in other vehicles with software-locked features, but they suspect that other manufacturers may not have the same level of protection as Tesla. Tesla's reliance on voltage-vulnerable AMD chips in their computers raises questions about supply chain security. The researchers suggest that software modifications could be made to detect voltage modulation and prevent insecure boots. However, Tesla has not responded to inquiries about these issues.

FutureCar Staff