Tesla hackers exploit voltage glitching to unlock features

Home > Industry Analysis > Content

【Summary】German PhD students from Technische Universität Berlin demonstrated at the Black Hat conference how they were able to bypass the purchase requirement to activate heated rear seats in a Tesla Model 3. They used voltage glitching, soldering wires to the infotainment and connectivity ECU to fool the system into thinking it was being booted securely, gaining root access and unlocking the seats. They were also able to exfiltrate car and user data.

FutureCar Staff Aug 17, 2023 12:37 AM PT

Tesla hackers exploit voltage glitching to unlock features

A group of German PhD students demonstrated at Black Hat how they were able to bypass paywalled features in a Tesla Model 3. Instead of approaching the problem as outsiders trying to gain control of the vehicle, the researchers approached it as someone with physical access to the car. Their first attempt to modify the firmware was unsuccessful due to the secure boot process. Previous versions of Tesla computers had vulnerabilities that were later fixed through firmware updates and hardware upgrades.

The researchers found a way to fool the system by soldering wires to the infotainment and connectivity ECU, allowing them to drop the voltage at the right time and gain root access to the device. They were then able to unlock the heated seats and extract information stored in the Tesla computer, including location history, Wi-Fi passwords, and session cookies.

When the researchers contacted Tesla to share their findings, the automaker's main concern was whether the exploit was persistent. Since it wasn't, Tesla hasn't responded to them. Achieving persistence would require soldering a mod chip to the board itself, which would void the warranty. The team hasn't tested their method in an actual Tesla yet, but an independent security researcher who worked on the project has tried it successfully.

The team hasn't attempted to duplicate the problem in other vehicles with software-locked features, but they believe other automakers may not have the same level of protection as Tesla. Tesla has invested in defending against software attacks and has attracted hackers to help improve its security. However, the fact that Tesla's computers use voltage-vulnerable AMD chips raises concerns about supply chain security. The researchers suggest that software modifications could be made to detect voltage modulation and prevent insecure boots.

It remains to be seen if Tesla will release a patch to address this vulnerability. The Musk-owned automaker has not responded to inquiries about the issue.