Tesla Hack: Full access to all functions

B2B Cyber ​​Security ShortNews

Share post

With a hack, doctoral students from the TU Berlin and a security researcher were able to use all the premium functions of a Tesla that buyers normally have to unlock first: full entertainment, heated rear seats and more. The weak point is probably the new AMD-based infotainment system.

The pre-announcement for BlackHat USA 2023 has it all: In a 40-minute contribution, three doctoral students from the TU Berlin and the security researcher Oleg Drokin want to show. How to hack into a Tesla's infotainment system (MCU-Z) and then unlock the premium features. Because buyers usually have to pay for heated rear seats or faster acceleration via subscription for use. After the hack, the on-board computer is sure that the subscription is valid and that all functions have been paid for.

Tesla hack unlocks subscription services

Tesla is known for its advanced and well-integrated car computers, ranging from everyday entertainment purposes to fully autonomous driving functions. More recently, Tesla has started using this established platform to enable in-car purchases, not just for additional connectivity features, but even analog features like faster acceleration or heated rear seats. Therefore, by hacking the onboard car computer, users could unlock these features without paying for it.

In this talk, the researchers present an attack on newer AMD-based infotainment systems (MCU-Z), which are used in all newer models. It offers two distinct features: First, it enables the first non-patchable AMD-based "Tesla Jailbreak" that allows arbitrary software to run on the infotainment. Second, it makes it possible to extract an otherwise vehicle-specific, hardware-bound RSA key used to authenticate and authorize a car on Tesla's internal service network.

RSA key can be extracted

To do this, the researchers used a known voltage error injection attack against the AMD Secure Processor (ASP), which serves as the root of trust for the system. At the congress and briefing, the researchers show how they used inexpensive, homegrown hardware to launch the glitching attack and subvert the ASP's early boot code. They then show how they redesigned the boot flow to have a root shell for their recovery and production Linux distributions.

The root rights obtained in this way allow any changes to Linux, which also survive restarts and updates. They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phone book, calendar entries, etc. On the other hand, it can also benefit vehicle use in unsupported regions. In addition, the ASP attack opens up the possibility of extracting a TPM-protected attestation key that Tesla uses to authenticate the car. This allows a car's identity to be migrated to another car computer without any help from Tesla, making certain repair jobs easier.

More at BlackHat.com


Matching articles on the topic

Researchers find 26 billion access data on the web

A package with 26 billion data records containing access data appeared online. It is said to contain user access data at many companies ➡ Read more

Data offering: Every third company appears on the dark web

In the last two years, one in three companies worldwide have offered compromised data for sale on the dark web. A big ➡ Read more

Fast food chain Subway probably victim of Lockbit

Many sources indicate that the Subway company was the victim of a cyberattack by LockBit. The operator Subway is there ➡ Read more

Russian APT group attacked Microsoft 

According to its own information, Microsoft was attacked by Midnight Blizzard on January 12, 2024. The Russian-sponsored actors had ➡ Read more

Many German chambers of crafts remain offline

The IT service provider ODAV was the victim of a cyber attack at the beginning of January. Because the service provider provides many services for the German Chamber of Crafts ➡ Read more

Security awareness against phishing attacks

The increasing spread of deepfake and AI technologies poses a serious threat, particularly in the area of ​​phishing attacks. These technologies enable ➡ Read more

Cat and mouse game in IT security

Looking back at 2023, we can see that the topic of AI has had a significant impact on IT security. That will too ➡ Read more

Politically motivated attacks by hackers

The nature of cyberattacks is changing. In the past it was mostly about blackmail, today it's also about destruction. That political tensions are increasing ➡ Read more