With weak AMD processors, paid Tesla add-ons can be unlocked for free
The situation is exacerbated by the fact that it is said that the weakness that enables the ruse cannot be rectified.
Tesla is one of the pioneers of the solution, under which extras that owners weren’t willing to pay for at the time of the car’s seizure can be unlocked on manufacturer models even later, via software. The procedure, which can be completed without visiting the service, is in principle convenient for both customers and the manufacturer, but it can also attract the attention of hackers trying to unlock locked options.
Researchers at the Technical University of Berlin (Technische Universität Berlin, TU Berlin) have now discovered a serious vulnerability that can be used to bypass manufacturer restrictions, clearing the way for premium services.
The key to this method is the Media Control Unit (MCU), which controls the Tesla’s infotainment system, which already uses AMD Ryzen chips in its third generation. The TU Berlin team managed to crack this device by abusing a known vulnerability in the Zen 2 and Zen 3 family of processors, which, as far as we know, does not contain an antidote, so it doesn’t look like this backdoor will ever be closed.
the tom devices based on his report The researchers called the effort error injection attack, which eventually gained root privileges to modify the Linux-based system. Using this method, hackers can even decrypt encrypted NVMe storage, access private data such as phone numbers and registry entries, as well as run an arbitrary program on the T-V’s center screen.
Of course, the most exciting option is to unlock extensions, but here the possibilities are not unlimited, but access to paid functions varies depending on the type. In the case of the 2021 3 SR+ model, for example, the steering wheel heating + heated rear seat package, which otherwise costs $300, has been unlocked by researchers at TU Berlin, but more details won’t be revealed until Aug. 9. at the Black Hat hacker conference in Las Vegas. the team
However, the initial report reveals that the vulnerability can even extract cars’ unique RSA keys, which are used by the manufacturer to authenticate cars. In practical terms, this means that vehicles that Tesla has disabled from the Supercharger charging network due to the risk of breakage or water damage can be reactivated via software.