Tesla Hackers Claim to Unlock Pay-For Upgrades for Free

White-hat hackers claim to have unlocked a host of subscription upgrades in Tesla cars for free, while also opening the door to much more malicious cyber-security threats.

Added functions, including heated seats, extended battery range and extra performance, are all available on Tesla cars without a subscription using the basic hack, the researchers claim. Our sister website Dark Reading reports that the team, doctoral students from the graduate program at Technical University Berlin, claims it is also possible to go through the infotainment system and pivot to the internal Tesla network used for authenticating cars. That creates a route to more advanced modification, including breaking geolocation restrictions on navigation and self-driving, and the ability to migrate the Tesla’s “user profile” to another vehicle.

In line with the brand’s often-trumpeted innovation focus, all recent Tesla models employ an AMD-based infotainment system known as MCU-Z, which supports an in-car purchase scheme for advanced features that are enabled as over-the-air (OTA) upgrades. This was the attack surface the researchers used, and they hope to present their work at Black Hat USA in a session entitled “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater.”

The team claim that physical access to the car’s infotainment and connectivity ECU board can give access to a host of upgrades. Ph.D. student Christian Werling told Dark Reading: “Currently, our attack can be applied by people with some electronic engineering background, a soldering iron and the ability to purchase additional hardware for about $100. We recommend using a Teensy 4.0 Development board for the voltage glitching that is readily usable with our open-sourced attack firmware. An SPI flash programmer is required and a logic analyzer can greatly help to debug the overall attack.”

Beyond simple subscription bypassing, the hackers prove the Tesla systems are prone to more serious cyber assaults. They claim a cyber attacker could decrypt the car’s on-board storage and access private user data such as the phonebook and calendar entries and, potentially, the owner’s personal information.

Werling said: “The identity migration could enable an attacker to impersonate another Tesla customer, at least temporarily,” which would let someone hijack another owner’s profile (and features). However, he did concede that Tesla enjoys better cyber-security than several other automakers, adding: “Where Tesla differs from pretty much all other vendors is the physical security of their car systems approaching the level you see on well-secured cellphones of established vendors, which is very uncommon in the car world.”

— Paul Myles is a seasoned automotive journalist based in Europe. Follow him on Twitter @Paulmyles_  and Threads
