Tesla revolutionized the automotive industry with its cutting-edge technology. For owners, that technology is mostly accessed through the main display inside the vehicle, but a group of academic researchers has recently jailbroken the automaker’s infotainment system, allowing them to turn on features such as Acceleration Boost and Full Self-Driving (FSD).
According to the researchers from Technical University Berlin and independent researcher Oleg Drokin, all recent Tesla models feature MCU-Z, an AMD-based infotainment system that facilitates over-the-air (OTA) updates and also enables users to purchase features and software upgrades from within the vehicle.
The researchers discovered that by exploiting a known voltage glitching attack on the Infotainment and Connectivity ECU (ICE) board, they could bypass the AMD Secure Processor (ASP), the system’s root of trust. This glitching attack allowed them to gain root access and execute arbitrary software on the MCU-Z, effectively unlocking some of the paid in-car features without proper authorization.
Not only did this exploit open access to paid features such as Acceleration Boost and heated seats, it also allowed the researchers to access Tesla’s internal network for more sophisticated modding. This included breaking geolocation restrictions on navigation and FSD Beta, as well as the ability to transfer a vehicle’s user profile to another Tesla.
While jailbreaking an iPhone was a relatively simple task that almost anyone could do, jailbreaking your Tesla will require some technical know-how.
“Currently, our attack can be applied by people with some electronic engineering background, a soldering iron, and the ability to purchase additional hardware for about $100. We recommend using a Teensy 4.0 Development board for the voltage glitching that is readily usable with our open-sourced attack firmware. An SPI flash programmer is required, and a logic analyzer can greatly help to debug the overall attack,” Ph.D. student Christian Werling says.
While this hack allows Tesla owners to customize their vehicles and access premium features, the research team says it also poses risks. There are of course those who would use it with malicious intent, such as decrypting onboard storage and accessing private user data, including personal information, phonebooks, and calendars. But despite the newfound vulnerabilities, the team applauded Tesla’s commitment to security, which they said is ahead of the rest of the automotive industry.
The team will present their findings next week in Las Vegas at Black Hat USA under the title “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater.” They have not confirmed whether they have already informed Tesla of this vulnerability. The automaker is very receptive to the findings of white hat hackers and offers generous rewards for them. Tesla also regularly participates in the Pwn2Own hacking contest, having given away hundreds of thousands of dollars and several Teslas over the years to successful hackers.