In an unprecedented technological feat, a team of three PhD students and a security researcher from Germany has allegedly discovered a method to exploit the latest AMD-based Tesla cars, potentially establishing the world’s first persistent “Tesla Jailbreak”.
The group is set to present a fully functional demonstration of an attack on Tesla’s contemporary AMD-based media control unit (MCU) at the forthcoming Black Hat 2023 conference. In their pre-conference brief, the researchers shed light on the intricacies of the jailbreak, revealing its roots in a known hardware exploit targeting a specific component within the MCU. Successful exploitation of this vulnerability grants access to critical systems regulating in-car purchases, possibly fooling the car into recognizing these purchases as prepaid.
Tesla is renowned for its sophisticated and seamlessly integrated car computers, whose roles range from mundane entertainment functions to advanced autonomous driving abilities. The briefing noted, “Tesla has recently expanded this established platform to facilitate in-car purchases, encompassing both digital features like additional connectivity and physical features such as enhanced acceleration or heated rear seats. Therefore, successfully hacking into the embedded car computer could potentially enable users to unlock these features free of charge.”
This attack also permits the researchers to extract a unique cryptographic key associated with each vehicle. This key plays an essential role in authenticating and authorizing a vehicle within Tesla’s service network.
The researchers emphasized that the current fleet of Tesla cars is vulnerable to this unpatchable exploit. This suggests that regardless of software updates deployed by Tesla, attackers or even DIY hackers with physical access to the car can execute arbitrary code on Tesla vehicles. The weakness, rooted not in a Tesla-made component but in the embedded AMD Secure Processor (ASP) inside the MCU, presently cannot be defended against.
The specifics of this exploit will only be fully revealed during the Black Hat 2023 conference. However, the researchers have indicated the use of “low-cost, off-the-shelf hardware” for the operation. It is a complex attack, but based on a previous presentation given by one of the team members, Niklas Jacob, at Black Hat 2022, it can be inferred that the methodology may be analogous.
Tesla, known for locking installed hardware behind software, has incited a degree of customer dissatisfaction over the years. For instance, footwell lights installed in the RWD Model 3 from the factory are disabled in software, and certain features such as the heated steering wheel function and heated rear seats were initially behind a software paywall. Moreover, Tesla offers a $2,000 “Acceleration Boost” upgrade for certain models, reducing the zero-to-60 time by half a second.
Although the researchers do not specifically mention Full Self-Driving (FSD) in their list of premium features, it is worth noting that Tesla’s software is a significant part of its revenue stream. Often perceived as a software company that also manufactures cars, Tesla has profited from its knack for creating software-centric vehicles that customers are eager to upgrade. Thus, a persistent “Tesla Jailbreak” could pose significant financial and security challenges for the company.
As vehicle technologies evolve to incorporate more sophisticated computer systems, such exploits are likely to become more prevalent. This may even initiate a new era of vehicle modification—although car manufacturers may strongly resist, preferring to incentivize hackers to share their findings to allow for patching, in some cases even offering free cars in exchange for this information.