Researchers at Technical University (TU) Berlin have demonstrated a method to unlock features on Tesla cars that are software-locked, potentially worth up to $15,000. While Tesla touts the reliability and security of its software, instances of hackers finding ways to manipulate the system and access Tesla vehicles have been on the rise. Tesla, as the world’s largest electric vehicle (EV) manufacturer, relies heavily on its proprietary software, making these security concerns a significant issue.
The German researchers were able to jailbreak the AMD-based infotainment systems used in Tesla cars, building upon their earlier research on AMD. They achieved this by conducting a voltage fault injection attack against the AMD Secure Processor (ASP). This attack allowed them to access a range of personal information belonging to Tesla owners, including phonebooks, calendar entries, call logs, Spotify and Gmail session cookies, WiFi passwords, and location history, which could then be decrypted via the car’s system.
One of the researchers, Christian Werling, noted that Tesla had informed them that the ability to enable features, such as rear seat heaters, through their proof of concept was based on an older firmware version. Newer versions now require updates to be accompanied by a valid Tesla signature and verification through the Gateway, making such attacks more challenging. Nonetheless, the researchers were able to unlock features worth up to $15,000, including features like Ventilated or Heated Seats, Performance Modes, Independent Repairs, and more.
These incidents highlight growing security concerns for Tesla owners, as hackers continue to find ways to manipulate the company’s software. Recent instances include hackers claiming to control Full Self-Driving (FSD) mode in some Tesla vehicles, indicating the potential for unauthorized access to locked or unreleased features. To address these concerns, it is crucial for Tesla to regularly update its software to strengthen security and protect the privacy of its vehicle owners.