A group of researchers, consisting of a security expert and three PhD students from Germany, claim to have discovered a method to exploit Tesla’s current AMD-based vehicles, potentially creating what could be termed the world’s inaugural “Tesla Jailbreak.”
Their findings are documented in a preliminary report, slated for presentation at the upcoming Black Hat conference in 2023. During this event, the team intends to demonstrate a functional version of their attack on Tesla’s latest AMD-based media control unit (MCU). According to their analysis, the jailbreak utilizes a pre-existing hardware vulnerability within a component of the MCU. This vulnerability facilitates access to vital systems governing in-car transactions, and it may even allow the car’s record of paid transactions to be manipulated.
The researchers note Tesla’s reputation for advanced, seamlessly integrated vehicle computers, encompassing tasks from basic entertainment functions to full-fledged autonomous driving capabilities. More recently, Tesla has harnessed this established platform to facilitate in-car purchases, encompassing not only supplementary connectivity features, but also tangible functionalities like enhanced acceleration or heated rear seats. Consequently, exploiting the car’s embedded computer could grant users access to these functionalities without paying for them.
Furthermore, the researchers assert that their attack methodology allows for the extraction of a specific cryptographic key tied to each vehicle. This key is integral for the validation and authorization of a Tesla within the company’s service network.
According to the team’s evaluation, this attack is resistant to patching on current Tesla vehicles. This implies that regardless of any future software updates issued by Tesla, malicious actors—potentially even independent hobbyist hackers in the future—could execute arbitrary code on Tesla automobiles, provided they have physical access to the vehicle. This inherent patch-resistant quality stems from the nature of the attack itself: it targets the embedded AMD Secure Processor (ASP) located within the MCU, rather than a Tesla-manufactured component.
Although the precise intricacies of the attack remain undisclosed until the Black Hat presentation, the researchers allude to the utilization of cost-effective, readily available hardware to accomplish their objective. Drawing from an earlier presentation by Niklas Jacob, a contributor to this project, at Black Hat 2022, we can infer potential similarities in the attack approach.
In essence, the attack capitalizes on voltage-based fault attacks against the ASP during the boot sequence. Initially, the researchers substitute AMD’s officially recognized public cryptographic key with their own version, concurrently injecting a customized bootloader image. This action would typically trigger a failure in key verification, as the injected key deviates from the expected trusted key during boot-up. However, by employing voltage faulting—an approach that briefly perturbs the chip’s supply voltage at a chosen moment so that an instruction misexecutes—the attackers can manipulate the ASP into erroneously perceiving the injected key as valid. The exact attack strategy is more intricate, but interested parties can delve into a comprehensive whitepaper for further insights.
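A constructed model of the boot-time key check described above (an added illustration, not the researchers’ code or ASP firmware) makes the patch-resistance point concrete: the comparison that rejects a swapped key lives in immutable ROM, so only a redundant check built into that ROM, never a later software update, changes what a single fault achieves. Key values, image contents and the hash-based stand-in for signature verification are all constructed for the example.

```python
import hashlib
from typing import Dict, Optional

# Constructed toy model of the boot-time checks the article describes; not
# ASP or Tesla code. A sha256 over key||image stands in for real signature
# verification, and a fault is modelled as one comparison being forced to
# "pass" (the instruction-skip fault model used in fault-injection analysis).

def toy_sign(key: bytes, image: bytes) -> bytes:
    """Stand-in for a signature: whoever holds `key` can produce one."""
    return hashlib.sha256(key + image).digest()

def rom_boot(fused_key_hash: bytes, flash_key: bytes, image: bytes, sig: bytes,
             faulted_check: Optional[str] = None, hardened: bool = False) -> str:
    """Model of the immutable boot ROM; returns what ends up executing."""
    def check(name: str, ok: bool) -> bool:
        # A glitch landing on this comparison turns a failure into a pass.
        return True if faulted_check == name else ok

    key_hash = hashlib.sha256(flash_key).digest()
    key_ok = check("key", key_hash == fused_key_hash)
    if hardened:
        # Redundant, separately evaluated comparison: a single fault cannot
        # satisfy both, so one glitch no longer accepts a swapped key.
        key_ok = key_ok and check("key2", key_hash == fused_key_hash)
    if not key_ok:
        return "halt: flash key does not match fused hash"
    if not check("sig", toy_sign(flash_key, image) == sig):
        return "halt: bootloader signature invalid"
    return "run:" + image.decode()

VENDOR_KEY = b"vendor key (constructed)"
OTHER_KEY = b"non-vendor key (constructed)"
FUSED_HASH = hashlib.sha256(VENDOR_KEY).digest()  # burned into silicon, never updated

def scenarios() -> Dict[str, str]:
    """The four cases the article's description implies."""
    vendor_bl, custom_bl = b"vendor bootloader", b"custom bootloader"
    custom_sig = toy_sign(OTHER_KEY, custom_bl)
    return {
        "genuine": rom_boot(FUSED_HASH, VENDOR_KEY, vendor_bl, toy_sign(VENDOR_KEY, vendor_bl)),
        "swapped_key": rom_boot(FUSED_HASH, OTHER_KEY, custom_bl, custom_sig),
        "swapped_key_faulted": rom_boot(FUSED_HASH, OTHER_KEY, custom_bl, custom_sig, "key"),
        "swapped_key_faulted_hardened": rom_boot(FUSED_HASH, OTHER_KEY, custom_bl, custom_sig, "key", True),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:30} -> {outcome}")
```

The hardened variant only defends against the single-fault model used here; it shows why the fix has to sit in the ROM itself, which is exactly the part a vehicle software update cannot touch.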
Tesla has previously provoked frustration among car owners by embedding hardware features that remain inaccessible due to software locks. For instance, the RWD Model 3 includes factory-installed footwell lights that remain disabled via software. Similarly, functions like the heated steering wheel and rear seat heaters were initially withheld behind a software paywall, although Tesla eventually offered them at no extra charge in 2021. Additionally, certain car models offer a $2,000 “Acceleration Boost” upgrade that shaves half a second off the zero to sixty acceleration time.
Notably, Tesla’s Enhanced Autopilot and Full Self-Driving software packages are not explicitly referenced in the researchers’ list of paid features. This omission could signify a deliberate choice, either reserved as a significant reveal for their presentation, or stemming from potential divergence in the codebase for vehicles equipped with Full Self-Driving, which may render the activation of features like heated seats or acceleration boosts less straightforward.
Tesla’s dominant presence in the software market is undeniable. Often humorously referred to as a software company with a car manufacturing facet, Tesla’s primary focus revolves around creating software-centric vehicles that entice customers to engage in upgrades. Consequently, Tesla has invested efforts in deterring hardware-based hacking attempts, though hackers have countered with hardware-driven techniques of their own.
As vehicles become increasingly computerized, these types of attacks are likely to proliferate. It’s plausible that they could evolve into a new form of vehicle customization, albeit with potential resistance from automakers, who might prefer to hand out complimentary cars in exchange for hackers sharing their exploits, enabling effective patches.