A security researcher along with three PhD students from Germany have reportedly found a way to exploit Tesla’s current AMD-based cars to develop what could be the world’s first persistent “Tesla Jailbreak.”
The team published a briefing ahead of their presentation at next week’s Blackhat 2023. There, they will present a working version of an attack against Tesla’s latest AMD-based media control unit (MCU). According to the researchers, the jailbreak uses an already-known hardware exploit against a component in the MCU, which ultimately enables access to critical systems that control in-car purchases—and perhaps even tricking the car into thinking these purchases are already paid for.
“Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities,” wrote the researchers in the briefing. “More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying.”
Separately, the attack will allow researchers to extract a vehicle-specific cryptography key that is used to authenticate and authorize a vehicle within Tesla’s service network.
According to the researchers, the attack is unpatchable on current cars, meaning that no matter what software updates are pushed out by Tesla, attackers—or perhaps even DIY hackers in the future—can run arbitrary code on Tesla vehicles as long as they have physical access to the car. Specifically, the attack is unpatchable because it’s not an attack directly on a Tesla-made component, but rather against the embedded AMD Secure Processor (ASP) which lives inside of the MCU.
It’s unclear of the specifics of this attack, at least until next week’s talk, but researchers say that they use “low-cost, off-the-self hardware” to accomplish it. This attack is complicated, but using a previous presentation at Black Hat 2022 given in part by Niklas Jacob (one of the students who worked on this project), we are able to deduce how the researchers might be going about this attack assuming it’s similar in nature.
Essentially, ASP voltage-based fault attacks take place during the boot process. First, the researchers replace AMD’s known-good public cryptographic key with their own and inject their own custom bootloader image at the same time. This would typically result in the verification of the key failing since it isn’t the trusted key expected during the boot process. However, through the magic of voltage faulting—that is, applying a specific voltage to the integrated circuit to emulate a particular fault condition—the attackers are able to glitch the ASP into thinking that the key was valid by making the ASP and its components believe that a valid key is presented. The actual attack is much more complicated, but a whitepaper can be read here.
Tesla is an offender of something many car owners hate: making vehicles with hardware installed, but locked behind software. For example, the RWD Model 3 has footwell lights installed from the factory, but they are software disabled. Tesla also previously locked the heated steering wheel function and heated rear seats behind a software paywall, but eventually began activating it on new cars at no extra cost in 2021. There’s also the $2,000 “Acceleration Boost” upgrade for certain cars that drops a half-second off of the zero to 60 time.
And, of course, let’s not forget about Tesla’s Enhanced Autopilot and Full Self-Driving software stacks. The researchers interestingly did not call out Full Self-Driving in their list of paid features. Perhaps this was left out intentionally as a big reveal for the talk, or maybe because Tesla maintains a different code branch for cars equipped with FSD, making it not actually possible to simply enable features like heated seats or acceleration boost.
Software is a big market for Tesla. It’s often jested that the automaker is a software company that happens to build cars, meaning that its bread and butter is being able to make software-centric vehicles that customers are willing to upgrade. Because of this, Tesla has even sunk time into thwarting hardware-based hacks, though companies have fought back against this with—you guessed it—more hardware.
As cars become more computerized, these types of attacks will likely become more commonplace. Perhaps it will even become the next sort of vehicle modding—albeit with some direct resistance from automakers who would rather give away free cars in exchange for hackers sharing their exploits so that they can be patched.
Got a tip or question for the author? Contact them directly: rob@thedrive.com