Tesla hackers exploit voltage glitching

【Summary】German PhD students from Technische Universität Berlin demonstrated at Black Hat how they were able to bypass the $300 purchase requirement to activate heated rear seats in a Tesla Model 3. By causing a voltage glitch, they were able to gain root access to the Tesla computer and unlock the heated seats. They were also able to exfiltrate information about the car and user data stored in the Tesla computer. Tesla has not responded to the researchers since they shared the exploit.

FutureCar Staff    Aug 15, 2023 7:42 AM PT

A group of German PhD students from Technische Universität Berlin recently demonstrated a method to unlock paywalled features in a Tesla Model 3. Instead of trying to gain control of the vehicle from the outside, the researchers approached the problem as if they already had physical access to the car. They attempted to modify the firmware in the Tesla's computer, but were unable to bypass the secure boot process, which is a new development in Tesla's computers.

Previous versions of Tesla computers had vulnerabilities that allowed for off-chip boot loader buffer overflow, but these issues were fixed with firmware updates. The researchers discovered that the latest Tesla computers have a boot chain of trust, firmware and OS signing, and a root of trust in their AMD SoCs. This left the researchers unable to gain access to the computer.

By soldering wires to the infotainment and connectivity ECU, which contains the gateway chip that stores settings for software-locked features, the team was able to manipulate the voltage at just the right time to trick the system into thinking it was being booted securely. This allowed them to gain root access to the device and unlock features such as heated seats. They were also able to extract information from the Tesla computer, including location history, Wi-Fi passwords, and session cookies for services like Spotify and Gmail.

When the researchers contacted Tesla to share their findings, the company's main concern was whether the exploit was persistent. Since it was not, Tesla did not respond further. Achieving persistence would require soldering a mod chip to the board, which would void the warranty. The team has not yet tested their method in an actual Tesla, but an independent security researcher who worked on the project has reportedly tried it successfully.

The researchers have not attempted to duplicate the exploit in other vehicles with software-locked features, as they have not found computers from other manufacturers with the same level of protection. However, they believe that Tesla has become adept at defending against software attacks due to their past efforts in attracting hackers. It remains to be seen if other automakers have taken similar measures to protect their systems.

It is worth noting that Tesla's use of voltage-vulnerable AMD chips in their computers raises questions about supply chain security. The authors of the 2021 AMD voltage glitching paper suggested that software modifications could be made to detect voltage modulation and prevent insecure boot faults. It is unclear if Tesla will release a patch to address this vulnerability.

As of now, Tesla has not responded to inquiries about these issues.
