Researchers Jailbreak Tesla to Unlock Paid Features

Researchers at the Technical University of Berlin have developed a method to jailbreak the AMD-based infotainment systems used in all recent Tesla models, allowing them to run arbitrary software on the unit and to unlock paid vehicle features.

The attack lets them extract a vehicle-unique, hardware-bound RSA key that Tesla uses to authenticate the car in its service network, and activate software-locked features such as rear seat heating and Acceleration Boost, which owners normally pay for separately. The researchers note, however, that the method cannot be used to unlock Full Self-Driving (FSD), Tesla's widely known driver-assistance package.

The researchers will present their findings at the Black Hat USA 2023 conference this month. They found that anyone with physical access to the car's Infotainment and Connectivity ECU (ICE) board can mount a known attack against the AMD Secure Processor (ASP), which serves as the root of trust for the MCU-Z infotainment control unit.

In essence, the team built on earlier research that showed how to inject faults into the ASP and extract its secrets. Because Tesla's infotainment system is built on AMD's Zen 1 platform, which is affected by those previously disclosed weaknesses, the same techniques made the jailbreak possible.

“Currently, our attack can be carried out by people with some knowledge of electronics, soldering skills, and about $100 worth of extra equipment,” the experts explain. “We recommend using a Teensy 4.0 board, which is easy to use for voltage glitching attacks with our open-source firmware. You’ll also need an SPI-Flash programmer and a logic analyzer to help debug the attack.”

Voltage glitching, a form of fault injection, gives the researchers root access and the ability to run arbitrary software on the MCU-Z, which in turn lets them unlock certain paid features. The researchers also say that access gained this way is practically irreversible.

“The root access we obtained allows us to make arbitrary changes to Linux that persist through reboots and updates,” say the authors of the attack.

The jailbreak additionally allows extraction of the protected TPM attestation key, which Tesla uses to authenticate the car and verify the integrity of its hardware, and migration of that key to another vehicle. The researchers say this could help owners use a car in unsupported regions or carry out their own repairs; it could also let a malicious actor make their car appear to be someone else's.

The researchers noted that the attack could likely be turned into a ready-made “product,” like a mod chip, that could be used for plug-and-play jailbreaking. However, the experts themselves do not plan to pursue this, as it would be a “very questionable business model” from both legal and economic perspectives.

The researchers told BleepingComputer that they notified Tesla of their findings and that the company is already working to address the issues:

“Tesla told us that our proof-of-concept for enabling rear seat heating relies on an old firmware version. In newer versions, updating this configuration item is only possible with a valid Tesla signature (verified/confirmed by the gateway). So, while our attacks laid important groundwork for experimenting with the system as a whole, enabling rear seat heating or any other locked feature will require another software or hardware exploit and an attack on the gateway.”

Nevertheless, the key extraction attack still works even with the latest Tesla firmware.
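The mitigation Tesla describes, a feature-configuration item that the gateway will only change when the update carries a valid manufacturer signature, can be illustrated in code. The following is an added example written for this page, not Tesla's or the researchers' code. It uses Ed25519 as a stand-in for whatever signature scheme Tesla's gateway actually checks (the page does not say), and the VIN, the item names, and the `Gateway`/`Apply` API are hypothetical. It models both the older behaviour, where a rooted MCU-Z can write the item directly, and the newer behaviour, where the gateway rejects anything not signed by the vendor key. It also goes beyond the quote by adding a monotonic counter so that a previously signed unlock cannot simply be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// FeatureUpdate is a feature-config item as the gateway would store it.
// Field and item names are illustrative, not Tesla's.
type FeatureUpdate struct {
	VIN     string // vehicle the update is bound to
	Item    string // e.g. "rear_seat_heating"
	Value   bool
	Counter uint64 // monotonic, so old signed updates cannot be replayed
}

// bytes is the canonical encoding that gets signed and verified.
func (u FeatureUpdate) bytes() []byte {
	return []byte(fmt.Sprintf("%s|%s|%t|%d", u.VIN, u.Item, u.Value, u.Counter))
}

// SignedUpdate is what travels from the vendor backend, via the MCU-Z, to the gateway.
type SignedUpdate struct {
	Update FeatureUpdate
	Sig    []byte
}

// Gateway holds only the vendor's public key and the current config.
// RequireSig=false models the "old firmware" behaviour the quote describes.
type Gateway struct {
	VIN         string
	VendorPub   ed25519.PublicKey
	RequireSig  bool
	lastCounter uint64
	Config      map[string]bool
}

var (
	ErrBadSignature = errors.New("gateway: update not signed by vendor key")
	ErrReplay       = errors.New("gateway: stale update counter")
	ErrWrongVehicle = errors.New("gateway: update bound to a different VIN")
)

// Apply is what the MCU-Z calls over the internal bus. A rooted MCU-Z can call it
// with anything it likes, so the gateway must not trust the caller, only the signature.
func (g *Gateway) Apply(su SignedUpdate) error {
	u := su.Update
	if u.VIN != g.VIN {
		return ErrWrongVehicle
	}
	if g.RequireSig {
		if !ed25519.Verify(g.VendorPub, u.bytes(), su.Sig) {
			return ErrBadSignature
		}
		if u.Counter <= g.lastCounter {
			return ErrReplay
		}
		g.lastCounter = u.Counter
	}
	g.Config[u.Item] = u.Value
	return nil
}

// SignUpdate is the vendor side; the private key never leaves the backend.
func SignUpdate(priv ed25519.PrivateKey, u FeatureUpdate) SignedUpdate {
	return SignedUpdate{Update: u, Sig: ed25519.Sign(priv, u.bytes())}
}

// Demo runs a forged (unsigned) unlock against old and new firmware, then a
// vendor-signed unlock and a replay of it against new firmware, returning each outcome.
func Demo() (oldFW, newFW, legit, replay error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	unlock := FeatureUpdate{VIN: "VIN1", Item: "rear_seat_heating", Value: true, Counter: 1}

	// Attacker on a rooted MCU-Z: writes the item with a garbage signature.
	forged := SignedUpdate{Update: unlock, Sig: make([]byte, ed25519.SignatureSize)}

	old := &Gateway{VIN: "VIN1", VendorPub: pub, RequireSig: false, Config: map[string]bool{}}
	oldFW = old.Apply(forged) // accepted: old firmware trusts the caller

	nw := &Gateway{VIN: "VIN1", VendorPub: pub, RequireSig: true, Config: map[string]bool{}}
	newFW = nw.Apply(forged) // rejected: no valid vendor signature

	signed := SignUpdate(priv, unlock)
	legit = nw.Apply(signed)  // accepted: properly signed, fresh counter
	replay = nw.Apply(signed) // rejected: same counter seen again
	return
}

func main() {
	oldFW, newFW, legit, replay := Demo()
	fmt.Println("old firmware, forged update:   ", oldFW)
	fmt.Println("new firmware, forged update:   ", newFW)
	fmt.Println("new firmware, signed update:   ", legit)
	fmt.Println("new firmware, replayed update: ", replay)
}
```

The point of the design is that root on the MCU-Z buys nothing against the gateway: the only secret that matters is the vendor's signing key, which never sits in the car. That is also why the key-extraction result remains significant even after this hardening, since a separate attack on the gateway or on its signature check would be needed to change feature state.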
