Researchers jailbreak Tesla using unpatchable AMD hardware flaw for free feature upgrades

A hot potato: Some features in Tesla vehicles are locked behind paywalls, similar to in-app purchases for smartphone software. As these extra functions are restricted by computer hardware and software rather than core mechanical components, hackers can theoretically unlock them for free, a process that researchers will explain next week.

Researchers from Technische Universität Berlin claim to have jailbroken Tesla vehicles, allowing them to freely access features normally locked behind in-car purchases. They plan to present their detailed findings on August 9 at the 2023 Black Hat USA conference.

According to a preliminary description, the hack unlocked additional connectivity functionality, faster acceleration, and rear heated seats. The researchers also successfully ran arbitrary software on the car’s Linux-based infotainment system, opening up the potential for homebrew Tesla apps.

A potentially more impactful result of the jailbreak is that it exposes the hardware-protected keys Tesla uses to authenticate each vehicle. With those keys in hand, an attacker can also decrypt the vehicle's internal storage and read the personal user data kept there.

Using this method, anyone with physical access to a Tesla could take control of its infotainment computer and read all of the data on it. The same capability lets owners take control of the car's software and data from the company, potentially transferring its identity to a new model without any involvement from Tesla. The hack could also make repairs easier, raising potential right-to-repair questions. Fortunately, the attack requires physical access and cannot be performed remotely, so the most likely users would be the vehicle's rightful owners.

The jailbreak is possible because of a flaw in the AMD processor inside each affected Tesla that cannot be fixed by a software or firmware update. Using cheap, off-the-shelf parts, the researchers briefly disturb the chip's supply voltage at a precise moment during boot, a technique known as voltage fault injection or glitching. A glitch that lands during the processor's initial boot code makes that code misbehave and lets the researchers' own code run in its place; combined with reverse engineering of the boot process, this gave them root privileges on the infotainment system.
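Why a single glitch in early boot code can hand an attacker control, as an added illustration in C that is not code from the researchers, Tesla or AMD: it models a boot-time digest check written in the naive style that glitching defeats, alongside a glitch-hardened version that fails closed. The digests, the two fault kinds and the success/failure constants are constructed for this example, and the fault model (one pulse corrupts one value) is an assumption that stands in for the physical effect of a voltage dip.

```c
/*
 * Added example (not Tesla, AMD or TU Berlin code): a software model of why a
 * single well-timed glitch during boot-time verification is enough to boot an
 * unsigned image, and how glitch-hardened checks fail closed instead.
 * The digests, fault kinds and constants are constructed for this example.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the digest of a signed image and a tampered one. */
const uint8_t GOOD_DIGEST[8]     = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
const uint8_t TAMPERED_DIGEST[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x05};

/* Fault model (assumption): one pulse corrupts exactly one value, either the
 * comparison result (reads as "match") or a function's return register
 * (reads as zero). Both are typical effects of a skipped instruction. */
enum fault { FAULT_NONE = 0, FAULT_FORCE_MATCH, FAULT_ZERO_RETURN };
static enum fault pending_fault = FAULT_NONE;

/* Fires at most once per armed pulse, then disarms itself. */
static int fault_fires(enum fault kind) {
    if (pending_fault == kind) { pending_fault = FAULT_NONE; return 1; }
    return 0;
}

/* Naive check in the style of memcmp(): 0 means success. Any fault that
 * zeroes the result turns a rejected image into an accepted one. */
static int verify_naive(const uint8_t *digest) {
    int r = memcmp(digest, GOOD_DIGEST, sizeof GOOD_DIGEST);
    if (fault_fires(FAULT_FORCE_MATCH)) r = 0;   /* comparison corrupted */
    if (fault_fires(FAULT_ZERO_RETURN)) r = 0;   /* return register zeroed */
    return r;
}

/* Returns 1 if the image would boot, 0 if it is rejected. */
int boot_naive(const uint8_t *digest, enum fault glitch) {
    pending_fault = glitch;
    int boots = (verify_naive(digest) == 0);
    pending_fault = FAULT_NONE;
    return boots;
}

/* Hardened check: success and failure are distinct non-trivial constants, so
 * a zeroed register is never "success", and the check runs twice so a
 * single corrupted comparison disagrees with the other pass. */
#define VERIFY_OK   0x3CA5C33Cu
#define VERIFY_FAIL 0x5A3C5AA5u

static uint32_t verify_hardened_once(const uint8_t *digest) {
    uint8_t diff = 0;
    for (size_t i = 0; i < sizeof GOOD_DIGEST; i++)
        diff |= (uint8_t)(digest[i] ^ GOOD_DIGEST[i]);
    if (fault_fires(FAULT_FORCE_MATCH)) diff = 0;  /* comparison corrupted */
    uint32_t r = (diff == 0) ? VERIFY_OK : VERIFY_FAIL;
    if (fault_fires(FAULT_ZERO_RETURN)) r = 0;     /* return register zeroed */
    return r;
}

/* Returns 1 only if both passes report the exact success constant. A glitch
 * on a genuine image can still cause a (harmless) boot failure; what it can
 * no longer do is turn a tampered image into a booting one. */
int boot_hardened(const uint8_t *digest, enum fault glitch) {
    pending_fault = glitch;
    uint32_t a = verify_hardened_once(digest);
    uint32_t b = verify_hardened_once(digest);
    pending_fault = FAULT_NONE;
    if (a != VERIFY_OK) return 0;
    if (b != VERIFY_OK) return 0;
    if ((a ^ b) != 0) return 0;   /* redundant on purpose: both passes must agree */
    return 1;
}

int main(void) {
    const enum fault kinds[] = {FAULT_NONE, FAULT_FORCE_MATCH, FAULT_ZERO_RETURN};
    const char *names[] = {"no glitch", "force match", "zero return"};
    for (int i = 0; i < 3; i++)
        printf("%-12s tampered image: naive boots=%d hardened boots=%d\n",
               names[i], boot_naive(TAMPERED_DIGEST, kinds[i]),
               boot_hardened(TAMPERED_DIGEST, kinds[i]));
    return 0;
}
```

The model compresses a glitch into one corrupted value; real glitch-resistant boot ROMs add further layers such as randomized timing, redundant state tracking and voltage sensors, but the two ideas shown here (never let zero mean success, and never trust a single comparison) are the baseline that the naive memcmp-style check lacks.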

The same team published a study in April in which they used the same attack to sidestep the firmware TPM (fTPM) built into AMD processors in PCs. Because BitLocker in its default configuration relies on the TPM alone to release the disk encryption key, extracting the fTPM's secrets lets an attacker with physical access decrypt the drive. That removes an important security feature and calls into question the value of Windows 11's most controversial system requirement on affected hardware.

A TPM 2.0 module is one of the main reasons Microsoft only officially supports its latest operating system on relatively recent PCs. Voltage fault injection has a track record against hardware-backed security: it was used to undermine AMD's Secure Encrypted Virtualization on server CPUs in 2021 (the "One Glitch to Rule Them All" attack) and Intel's Software Guard Extensions in 2020 (Plundervolt, which induced the faults by undervolting through a software-controlled interface rather than external hardware).