Researchers Find an "Unpatchable" Jailbreak for Cloning Teslas, Unlocking Paywalled Features

A voltage fault injection flaw in the AMD Secure Processor (ASP) lets a vehicle's cryptographic identity be extracted and cloned, the team claims.

Security researchers have promised to unveil an "unpatchable" jailbreak for all modern Tesla vehicles. It not only allows the on-board infotainment system to run arbitrary code, the team claims, but could also unlock otherwise paywalled features like rear heated seats, faster acceleration, and even access to the Full Self Driving (FSD) beta.

"Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities," the research team explains in the abstract to a planned presentation on the topic. "More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying."

Researchers claim to have found an "unpatchable" jailbreak for modern Tesla infotainment systems, including a way to bypass feature paywalls and geographic restrictions. (📷: Tesla)

The team's presentation, to take place at Black Hat USA 2023 later this month, will cover exactly such an attack — leveraging a vulnerability in the AMD-based infotainment system fitted to recent Tesla models to enable "the first unpatchable AMD-based 'Tesla Jailbreak,'" allowing code of the user's choice to run on the system. "Second," the researchers add, "it will enable us to extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."

This latter capability means, in effect, that a Tesla can be "cloned": an entry-level car could be made to present itself to Tesla's systems as a variant with paywalled features enabled, even where those features aren't offered in the driver's region. The team notes the same approach could also make repairs easier, by allowing an existing vehicle's identity to be transferred to replacement computing hardware without Tesla's involvement.

The attack only affects vehicles using AMD's processors — introduced in models from 2022 onwards. (📷: AMD)

"For this," the researchers say, "we are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system. First, we present how we used low-cost, off-the-shelf hardware to mount the glitching attack to subvert the ASP's early boot code. We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distribution. Our gained root permissions enable arbitrary changes to Linux that survive reboots and updates."
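The glitch the researchers describe lands in the ASP's early boot code, and the reason such code is a target is that a single skipped instruction in a verification routine can turn "reject" into "accept". The following is an added illustration, not AMD's boot code, Tesla's, or the researchers' glitching setup: a toy instruction-skip fault model run over a secure-boot digest check, with a fail-open single-comparison version beside a fail-closed redundant one. The image contents, the reference digest and the MAGIC sentinel are all constructed for the example.

```python
"""Toy instruction-skip fault model for a secure-boot digest check.

Added illustration only: not AMD ASP boot code, Tesla code, or the
researchers' glitching setup. A glitch is approximated as skipping exactly
one step of the check; we sweep every position and see which skips let an
unsigned image boot.
"""
import hashlib

# Constructed sample data for the example.
SIGNED_IMAGE = b"signed-firmware"
UNSIGNED_IMAGE = b"attacker-firmware"
TRUSTED_DIGEST = hashlib.sha256(SIGNED_IMAGE).digest()  # stands in for a fused reference digest
MAGIC = 0xA5C3  # fail-closed sentinel: only this exact value means "verified"


def run(steps, image, skip=None):
    """Execute `steps` in order on a shared state dict, skipping index `skip`.

    The skipped step stands in for the instruction a voltage glitch prevents
    from executing. Returns the final state for the caller to judge.
    """
    state = {"image": image}
    for i, step in enumerate(steps):
        if i == skip:
            continue  # the glitch: this step never runs
        step(state)
    return state


# --- Naive check: fail-open default and a single comparison -------------
def naive_steps():
    def init(s):
        s["ok"] = True  # assumes good until a comparison says otherwise
    def digest(s):
        s["digest"] = hashlib.sha256(s["image"]).digest()
    def compare(s):
        if s.get("digest") != TRUSTED_DIGEST:
            s["ok"] = False
    return [init, digest, compare]


def naive_boots(state):
    return state.get("ok", False)


# --- Hardened check: fail-closed sentinels and two independent compares --
def hardened_steps():
    def init(s):
        s["r1"] = 0  # anything other than MAGIC means "not verified"
        s["r2"] = 0
    def digest(s):
        s["digest"] = hashlib.sha256(s["image"]).digest()
    def compare_fwd(s):
        if s.get("digest") == TRUSTED_DIGEST:
            s["r1"] = MAGIC
    def compare_rev(s):
        # Second comparison over reversed bytes, so skipping or corrupting
        # one compare cannot satisfy both results at once.
        if s.get("digest", b"")[::-1] == TRUSTED_DIGEST[::-1]:
            s["r2"] = MAGIC
    return [init, digest, compare_fwd, compare_rev]


def hardened_boots(state):
    return state.get("r1") == MAGIC and state.get("r2") == MAGIC


def fault_sweep(steps_factory, decide, image):
    """Return every single-skip position at which `image` is accepted."""
    steps = steps_factory()
    return [i for i in range(len(steps)) if decide(run(steps, image, skip=i))]


if __name__ == "__main__":
    print("naive, unsigned image, skips that boot:",
          fault_sweep(naive_steps, naive_boots, UNSIGNED_IMAGE))
    print("hardened, unsigned image, skips that boot:",
          fault_sweep(hardened_steps, hardened_boots, UNSIGNED_IMAGE))
```

In the naive version a single skip of the comparison step boots the unsigned image, because the accept/reject variable defaults to "accept". The hardened version defaults to a non-MAGIC value and needs two independent comparisons to agree, so no single skip accepts the wrong image. Two caveats matter for reading the article: real glitches also corrupt or repeat instructions and can hit the final decision itself, so redundancy raises the attacker's cost rather than removing the class of attack; and a check that lives in early boot code cannot be swapped for a hardened variant in the field, which is the sense in which the researchers call the jailbreak unpatchable.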

The presentation is scheduled to take place at Black Hat USA 2023 in Las Vegas on August 9th, with more information available on the Black Hat website. Tesla was contacted for comment on the matter, but had not responded by the time of publication.

ghalfacree

Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.
