Security News > 2023 > August > Tesla infotainment jailbreak unlocks paid features, extracts secrets

Tesla infotainment jailbreak unlocks paid features, extracts secrets
2023-08-06 15:06

Researchers from the Technical University of Berlin have developed a method to jailbreak the AMD-based infotainment systems used in all recent Tesla car models and make it run any software they choose.

The hack allows the researchers to extract the unique hardware-bound RSA key that Tesla uses for car authentication in its service network, as well as voltage glitching to activate software-locked features such as seat heating and 'Acceleration Boost' that Tesla car owners normally have to pay for.

The researchers were able to hack the infotainment system using techniques based on the team's previous AMD research, which uncovered the potential for fault injection attacks that can extract secrets from the platform.

Tesla's infotainment APU is based on a vulnerable AMD Zen 1 CPU; hence the researchers could experiment with the exploitation of the previously discovered weaknesses to achieve jailbreak.

The jailbreak enables an attacker to extract the TPM-protected attestation key that Tesla uses to authenticate the car and verify its hardware platform's integrity, and migrate it to another car.

As for what tools are needed to jailbreak Tesla's infotainment system, one of the researchers Christian Werling, explains that a soldering iron and $100 worth of electronic equipment, like the Teensy 4.0 board, should be enough to do the trick.


News URL

https://www.bleepingcomputer.com/news/security/tesla-infotainment-jailbreak-unlocks-paid-features-extracts-secrets/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Tesla 6 3 5 1 0 9