Sunday, October 6, 2024
HomeCyber Security NewsResearch Jailbreak Tesla’s Software-Locked Features Worth up to $15,000

Research Jailbreak Tesla’s Software-Locked Features Worth up to $15,000

Published on

Tesla has a reputation for having highly integrated and technologically advanced car computers, which can be used for everything from basic entertainment to completely autonomous driving.

Earlier in the BlackHat, an attack briefed against modern AMD-based infotainment systems (MCU-Z) was found on all current vehicles.

Researchers from the Technical University of Berlin have developed a means to jailbreak these systems and run any software they choose.

- Advertisement - EHA

The hack also enables voltage glitching to activate software-locked features like seat heating and “Acceleration Boost,” which Tesla car owners typically have to pay for.

Tesla uses this hardware-bound RSA key for car authentication in its service network.

Security experts at TU Berlin claim that the software-locked features are worth $15,000 in Electrek’s report.

Method To Jailbreak The AMD-Based Infotainment Systems

The researchers were able to compromise the infotainment system by employing methods from their earlier AMD research, which exposed the possibility of ‘fault injection attacks’ that may steal information from the platform.

Tesla’s infotainment APU is built on a weak AMD Zen 1 CPU; therefore, the researchers might try to jailbreak the device by exploiting the previously identified flaws.

The researcher’s brief BlackHat report says, “For this, we are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system.”

“First, we present how we used low-cost, off-the-self hardware to mount the glitching attack to subvert the ASP’s early boot code.”

“We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distributions.”

Furthermore, they could access and decrypt sensitive information saved on the car’s system, such as the owner’s personal data, phonebook, calendar entries, call logs, Spotify and Gmail session cookies, WiFi passwords, and places visited.

 The TPM-protected attestation key that Tesla employs to authenticate the vehicle and check the reliability of its hardware platform may be extracted by an attacker via the jailbreak and transferred to another vehicle.

Researchers mention that this might aid in running the car in unsupported zones, making independent repairs, and modifying it in addition to car ID impersonation on Tesla’s network.

According to one of the researchers, Christian Werling, a soldering iron and $100 worth of electrical components, such as the Teensy 4.0 board, should be sufficient to jailbreak Tesla’s infotainment system.

Christian Werling told BleepingComputer, “Tesla informed us that our proof of concept enabling the rear seat heaters was based on an old firmware version.”

“In newer versions, updates to this configuration item are only possible with a valid signature by Tesla (and checked/enforced by the Gateway).”

“So while our attacks lay some important groundwork for tinkering with the overall system, another software or hardware-based exploit of the Gateway would be necessary to enable the rear seat heaters or any other soft-locked feature.”

The researcher added that the key extraction attack is still functional in the most recent Tesla software update, indicating that the issue is still exploitable.

Also, it has been reported on certain news sites that the jailbreak can enable Full-Self Driving (FSD); however, the researcher has informed that this is untrue.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...