Some say electric vehicles (EVs) are essentially smartphones on wheels, and like any tech gadget, they carry a small risk of being exploited. As reported by Tom’s Hardware, a group of security researchers from TU Berlin has found a way to “jailbreak” a Tesla’s Media Control Unit (MCU), and they managed to unlock paid features of the car for free.
The MCU is essentially Tesla’s infotainment system, and the third-generation version running on current EV models uses a custom AMD Ryzen SoC. According to the research team, they found an exploit on the AMD-based chip that allows them to run arbitrary software. It also enables them to extract the vehicle-unique, hardware-bound RSA key, which can be used to authenticate and authorise a car within Tesla’s internal service network.
The TU Berlin security research group is giving a talk about their discovery this coming Wednesday at Black Hat USA 2023 in Las Vegas, and they have shared some details about the “jailbreak”. As shared in the listing: “We are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system. First, we present how we used low-cost, off-the-shelf hardware to mount the glitching attack to subvert the ASP’s early boot code. We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distribution.”
The listing adds that the exploit allows an attacker to decrypt the encrypted NVMe storage and access private user data, including phonebook and calendar entries. Since they can also extract the TPM-protected key, it opens up the possibility of migrating a car’s identity to another vehicle without going through Tesla.
Tom’s Hardware added that the AMD TPM exploit affects Zen 2 and Zen 3 chips. They reported that this flaw is currently unpatchable, and it seems that Tesla has no known mitigation for it.
In terms of what features can be enabled for free with this exploit, the TU Berlin researchers confirmed to Tom’s Hardware that it can unlock the Cold Weather Feature, which costs USD 300 (about RM1,366). This enables extra features such as a heated steering wheel and heated rear seats. So far there are no details on whether the exploit can enable more advanced features such as Acceleration Boost, Enhanced Autopilot and Full Self-Driving (FSD) capability. In Malaysia, Enhanced Autopilot costs RM16,000 while FSD costs RM32,000.