A team of researchers has unveiled a method to hack into the hardware that drives Tesla’s infotainment system, enabling them to access features that would typically require payment, such as heated rear seats.
This discovery effectively allows them to “jailbreak” the vehicle, potentially even enabling self-driving and navigation functions in regions where they are usually restricted, reports TechCrunch.
The research team, which includes three students from Technische Universität Berlin and an independent researcher, will present their findings at the upcoming Black Hat cybersecurity conference in Las Vegas.
The hacking technique, termed “voltage glitching,” involves manipulating the supply voltage of the AMD processor that operates the infotainment system. Christian Werling, one of the researchers, explained that by doing this “at the right moment,” they could mislead the CPU, causing it to skip an instruction and accept the altered code.
While the researchers stated that the attack requires physical access to the car, Werling noted that this is precisely the scenario in which the jailbreak would be applicable. He told TechCrunch, “We are not the evil outsider, but we’re actually the insider, we own the car. And we don’t want to pay these $300 for the rear heated seats.”
Using the same voltage glitching technique, the team was also able to extract the encryption key that the car uses to authenticate with Tesla’s network. This theoretically opens up possibilities for further attacks, although the researchers admit that they have yet to fully explore these potentials.
Shockingly, the researchers were also able to retrieve personal information from the vehicle, including contacts, calendar appointments, call logs, visited locations, Wi-Fi passwords, and email session tokens. This data could be of interest to those with physical access to the car, even if they do not own it.
Addressing this hardware-based vulnerability presents significant challenges. According to the researchers, mitigating the issue would likely require Tesla to replace the compromised hardware. As of now, Tesla has not issued an official response to the research findings, but you can bet their team is ready to fix this vulnerability once they learn about it.
Tesla participates annually in the Pwn2Own conference in Vancouver, BC, to learn and reward white hat hackers that try to break into the vehicle operating systems (which they normally are able to do), while earning a free Tesla in the process.
