Researchers Find an "Unpatchable" Jailbreak for Cloning Teslas, Unlocking Paywalled Features

Security researchers have promised to unveil a "unpatchable" jailbreak for all modern Tesla vehicles, not only allowing the on-board infotainment system to run arbitrary code but also to potentially unlock otherwise paywalled features like rear heated seats, faster acceleration, and even membership of the Full Self Driving (FSD) beta.

"Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities," the research team explains in the abstract to a planned presentation on the topic. "More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying."

The team's presentation, to take place at Black Hat USA 2023 later this month, will cover exactly such an attack — leveraging a vulnerability in the AMD-based infotainment system fitted to recent Tesla models to enable "the first unpatchable AMD-based 'Tesla Jailbreak,'" allowing code of the user's choice to run on the system. "Second," the researchers add, "it will enable us to extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."

This latter feature means, effectively, that it's possible to "clone" a Tesla — taking an entry-level model and fooling the system into believing it's a version with paywalled features enabled, for instance, even if those features aren't available in the driver's region. The same approach could be used to make it easier to repair vehicles, too, the team notes, by allowing an existing vehicle's ID to be transferred to replacement computing hardware without Tesla's involvement.

"For this," the researchers say, "we are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system. First, we present how we used low-cost, off-the-self hardware to mount the glitching attack to subvert the ASP's early boot code. We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distribution. Our gained root permissions enable arbitrary changes to Linux that survive reboots and updates."

The presentation is scheduled to take place at Black Hat USA 2023 in Las Vegas on August 9th, with more information available on the Black Hat website. Tesla was contacted for comment on the matter, but had not responded by the time of publication.