Wednesday, May 14, 2025
HomeCyber Security NewsResearch Jailbreak Tesla’s Software-Locked Features Worth up to $15,000

Research Jailbreak Tesla’s Software-Locked Features Worth up to $15,000

Published on

SIEM as a Service

Follow Us on Google News

Tesla has a reputation for having highly integrated and technologically advanced car computers, which can be used for everything from basic entertainment to completely autonomous driving.

Earlier in the BlackHat, an attack briefed against modern AMD-based infotainment systems (MCU-Z) was found on all current vehicles.

Researchers from the Technical University of Berlin have developed a means to jailbreak these systems and run any software they choose.

- Advertisement - Google News

The hack also enables voltage glitching to activate software-locked features like seat heating and “Acceleration Boost,” which Tesla car owners typically have to pay for.

Tesla uses this hardware-bound RSA key for car authentication in its service network.

Security experts at TU Berlin claim that the software-locked features are worth $15,000 in Electrek’s report.

Method To Jailbreak The AMD-Based Infotainment Systems

The researchers were able to compromise the infotainment system by employing methods from their earlier AMD research, which exposed the possibility of ‘fault injection attacks’ that may steal information from the platform.

Tesla’s infotainment APU is built on a weak AMD Zen 1 CPU; therefore, the researchers might try to jailbreak the device by exploiting the previously identified flaws.

The researcher’s brief BlackHat report says, “For this, we are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system.”

“First, we present how we used low-cost, off-the-self hardware to mount the glitching attack to subvert the ASP’s early boot code.”

“We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distributions.”

Furthermore, they could access and decrypt sensitive information saved on the car’s system, such as the owner’s personal data, phonebook, calendar entries, call logs, Spotify and Gmail session cookies, WiFi passwords, and places visited.

 The TPM-protected attestation key that Tesla employs to authenticate the vehicle and check the reliability of its hardware platform may be extracted by an attacker via the jailbreak and transferred to another vehicle.

Researchers mention that this might aid in running the car in unsupported zones, making independent repairs, and modifying it in addition to car ID impersonation on Tesla’s network.

According to one of the researchers, Christian Werling, a soldering iron and $100 worth of electrical components, such as the Teensy 4.0 board, should be sufficient to jailbreak Tesla’s infotainment system.

Christian Werling told BleepingComputer, “Tesla informed us that our proof of concept enabling the rear seat heaters was based on an old firmware version.”

“In newer versions, updates to this configuration item are only possible with a valid signature by Tesla (and checked/enforced by the Gateway).”

“So while our attacks lay some important groundwork for tinkering with the overall system, another software or hardware-based exploit of the Gateway would be necessary to enable the rear seat heaters or any other soft-locked feature.”

The researcher added that the key extraction attack is still functional in the most recent Tesla software update, indicating that the issue is still exploitable.

Also, it has been reported on certain news sites that the jailbreak can enable Full-Self Driving (FSD); however, the researcher has informed that this is untrue.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...