Voltage glitching unlocks Tesla features
【Summary】German PhD students from Technische Universität Berlin demonstrated at Black Hat how they were able to bypass the purchase requirement to activate heated rear seats in a Tesla Model 3 by using voltage glitching. By soldering wires to the infotainment and connectivity ECU, they were able to fool the system into thinking it was being booted securely, gaining root access to the device and unlocking the heated seats.
A group of German PhD students recently demonstrated at the Black Hat conference that there is a way to unlock paywalled features in cars. However, this discovery is unlikely to cause major concerns for automakers. The researchers from Technische Universität Berlin focused on bypassing the $300 purchase requirement to activate heated rear seats in a Tesla Model 3. Their approach was different from previous Tesla hackers who tried to gain control of vehicles from the outside. Instead, they approached the problem as someone who already had physical access to the vehicle and wanted to make modifications to installed features.
The researchers' initial attempt was to modify the firmware in the Tesla's computer. However, they were unable to bypass the secure boot process, which is a relatively new development in Tesla's computers. Previous versions of Tesla computers had vulnerabilities that were fixed through firmware updates. Despite these improvements, the researchers faced challenges in accessing the system due to the boot chain of trust, firmware and OS signing, and root of trust in the AMD SoCs used in Tesla computers.
By soldering wires to the infotainment and connectivity ECU, which contains the gateway chip storing software-locked feature settings, the researchers were able to manipulate the voltage to trick the system into thinking it was being booted securely. This allowed them to gain root access to the device and unlock the heated seats. Additionally, they could extract information from the Tesla computer, such as location history, Wi-Fi passwords, and session cookies for services like Spotify and Gmail.
When the researchers contacted Tesla to share their exploit, Tesla's main concern was whether the exploit was persistent. Since it was not, Tesla did not respond further. To achieve persistence, the researchers would need to solder a mod chip to the board itself, which could void the warranty. Although they haven't tested it on an actual Tesla yet, an independent security researcher who worked with the team has reportedly tried it successfully.
The team has not yet attempted to duplicate the exploit in other vehicles with software-locked features, such as BMWs, due to the lack of available computers for testing. However, the lead researcher believes that other manufacturers may not have the same level of protection as Tesla. Tesla has invested in defending its software against attacks and has actively engaged with hackers in the past, which may not be the case for other automakers.
This discovery highlights a potential failure in supply chain security, as Tesla uses voltage-vulnerable AMD chips in its computers. The researchers who previously discovered the AMD voltage glitching vulnerability suggested that software modifications could help detect voltage modulation and prevent insecure boots. It remains to be seen if Tesla will release a patch to address this issue.
Despite attempts to reach out to Tesla for further information, the automaker has not responded to inquiries at this time.
-
Electric Nissan Juke: A Sneak Peek at the Future
-
Electric cars set to become more affordable
-
Major creditor in talks to acquire Volta Trucks
-
Chinese EV maker's valuation close to Tesla
-
EVs' Limited Success in the U.S., Excluding Teslas
-
Toyota's Dedication to Quality Shines in Century Bolt Tightening Process
-
Tragic Accident: Bentley's Speed Questioned in Niagara Falls Deaths
-
Accelerating Car Development with Mazda-backed AI Firm
- "Watchdog's Ban on Toyota HiLux Ad Reflects Lack of Social Responsibility"
- Nissan Sunderland's upcoming models: Juke and Qashqai
- Carmakers inundating market with fresh electric vehicles
- Fisker's Decline
- Motorist crashes into Canadian border in Niagara Falls
- Tesla India investment deal revives with significant funding at stake
- Winter Reminder for Tesla Owners: WD-40 Essential
- Tesla's Cybertruck reveals impressive towing capacity and more in new ad
- Nissan's £1bn investment in UK electric cars
- Toyota SUV ads banned for promoting reckless driving