
Tesla hack exploits AMD vulnerability to access user data and unlock US$15,000 in paid software-locked features

It appears that Tesla's AMD-based infotainment systems have a fatal security flaw that can be exploited with off-the-shelf hardware. (Image source: Various - edited)
A group of enterprising hackers has managed to take advantage of a known exploit in Tesla's in-vehicle software that allowed them to access thousands of dollars in software-locked features, sideload custom apps, and, most alarmingly, access private user data. The researchers say that this exploit is exclusive to newer AMD-based Tesla infotainment systems.

Tesla made a splash when it announced a move to AMD-based infotainment systems, especially for their powerful graphical capabilities that would allow drivers to play games in their cars. Now, the move to AMD hardware seems to have come back to bite the EV maker after a security research group from TU Berlin (Technische Universität Berlin) announced via a Black Hat event page that it had managed to break through Tesla's defences using a known AMD exploit.

In this talk, we will present an attack against newer AMD-based infotainment systems (MCU-Z) used on all recent models. It gives us two distinct capabilities: First, it enables the first unpatchable AMD-based "Tesla Jailbreak", allowing us to run arbitrary software on the infotainment.

The hackers used off-the-shelf hardware to perform a voltage fault injection attack to get past the AMD Secure Processor, after which they could bypass early boot processes. After getting around boot security, the researchers were able to reverse-engineer the boot flow, gain root shell access to Tesla's recovery and custom Linux distribution, and modify it.

After going through all the work to break into the vehicle's software, the researchers discovered that their level of access allowed them to decrypt the NVMe storage and access private user data. The researchers don't mention data outside of calendar entries and contacts, but it's conceivable that location data or other such information may also be accessible.

The researchers also posit that they could use this method to gain free access to software-locked features, like Acceleration Boost, heated seats, and even Full Self-Driving.

Additionally, it appears as though this vulnerability could be used to expose a TPM-protected authentication key that is used to migrate the vehicle from one owner to another.

According to the researchers, any changes made to the altered Linux distribution were shown to survive reboots and software updates, making this a particularly concerning attack method. It appears that attackers will need physical access to the vehicle and its electronics, but it's unclear how difficult the vulnerability will be to exploit in the real world.

The security researchers plan on presenting their findings at a Black Hat event on August 9.


Source(s)

Electrek, Black Hat

Teaser image credit: rawpixel on Freepik.com / Tesla

Julian van der Merwe, 2023-08-03 (Update: 2023-08-03)