Tag Archive for: Tesla’s

Hackers have discovered a loophole to ‘jailbreak’ Tesla’s paywall-blocked driving features, saving them thousands

/in


Tesla has been at the forefront of the electric vehicle movement. But has also pioneered another aspect of the car industry — software-defined vehicles, or SDVs — that has not been quite as universally popular.

SDVs basically mean that some Tesla features, which are already built into the cars, are locked behind a paywall, requiring customers to pay extra if they want to use them. Some features in this category include a heated steering wheel, footwell lights, an “acceleration boost,” or the brand’s $15,000 Full Self-Driving feature.

Now, a group of hackers has discovered a way to “jailbreak” those paywalled features, and it looks like Tesla can’t do anything about it.

The team of hackers from Germany — a security researcher and three Ph.D. students — figured out a way to trick Tesla’s Media Control Unit (MCU) into thinking that certain purchases had already been made.

The reason that Tesla is powerless to stop it is that the MCU operates using a computer processor made by another company, called AMD. The hack targets AMD’s technology instead of Tesla’s proprietary tech.

In order for Tesla to stop this hack from spreading, it would have to physically swap out the MCUs in its cars with a new type of processor. That said, it’s possible the practice could invalidate warranties or other software updates if ever detected by Tesla, as is often the case with mobile phone and video game hardware.

The German team of hackers will soon present their findings at the BlackHat 2023 cyber security event, where they may give more details about how they accomplished the feat, potentially allowing other tech-savvy Tesla drivers to jailbreak features on their own.

For customers who have had issues with Tesla’s SDVs in the past — the company has been forced to settle multiple lawsuits around its automatic software updates, which customers have alleged have violated their consumer rights — this news could be taken as a bit of schadenfreude.

For Tesla, though, the news is surely worrying, as getting customers to make what are essentially in-app purchases after they have already bought a car is a big part of the EV maker’s business model.

But the company also has other things…

Source…

Hackers crack Tesla’s software to get free features

/in


Hackers claim to have figured out how to unlock self-driving updates and other premium features on Tesla vehicles without paying for them.

The group of researchers from TU Berlin who discovered the “jailbreak” claim that it is unpatchable, meaning the electric car maker will not be able to prevent people from exploiting the hack without replacing the actual hardware of the vehicles.

“Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities,” the researchers wrote in a briefing that detailed their discovery.

“More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analogue features like faster acceleration of rear heated seats.

“As a result, hacking the embedded car computer could allow users to unlock these features without paying.”

The cyber attack targets Tesla’s Media Control Unit (MCU) infotainment system found on all recent models, using a technique known as voltage glitching to take advantage of a known flaw with the AMD processor in the MCU.

The attack exposes personal information, such as contacts and appointments, however it requires physical access to the car in order to work.

Premium features that Tesla blocks behind a paywall include Acceleration Boost, costing $2,000, and Full Self-Driving, which costs $15,000. Not all software upgrades were tested by the researchers, and it is not clear if the hack would unblock all of them.

The exploit will be presented at the Black Hat cyber security conference in Las Vegas on Wednesday, 9 August, in a presentation titled ‘Jailbreaking an electric vehicle in 2023 or what it means to hotwire Tesla’s x86-based seat heater’.

Tesla did not respond to a request for comment from The Independent.

Source…

Hackers Unlock Tesla’s $15,000 Software-Locked Features: ‘Jailbreaking’ – Tesla (NASDAQ:TSLA)

/in


Hackers have discovered an exploit to unlock Elon Musk’s Tesla’s TSLA software-locked features, Electrek reports.

A group of security researchers at TU Berlin found a weakness in Tesla’s onboard computer, enabling them to unlock features such as heated seats, acceleration boost, and the Full Self-Driving package. These features, typically activated by owner payment or subscription, can cost up to $15,000.

The hack, dubbed “Tesla Jailbreak,” requires physical access to the vehicle and involves a “voltage fault injection attack” on the AMD-based infotainment system. The researchers claim their exploit is “unpatchable” and allows the running of “arbitrary software on the infotainment.”

Despite the exploit, the hackers believe Tesla’s security is superior to other automakers. They plan to present their findings in a presentation titled “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater” next week.

Image via Shutterstock

Read Next: Tesla, Rivian Could Clash In California Court Over Trade Secrets Issue: What You Need To Know

Engineered by Benzinga Neuro, Edited by
Pooja Rajkumari

The GPT-4 Benzinga Neuro content generation system exploits the extensive Benzinga Ecosystem, including native data, APIs, and more to create comprehensive and timely stories for you.
Learn more.

Source…

Bluetooth hack compromises Teslas, digital locks, and more

/in


A group of security researchers has found a way to circumvent digital locks and other security systems that rely on the proximity of a Bluetooth fob or smartphone for authentication.

Using what’s known as a “link layer relay attack,” security consulting firm NCC Group was able to unlock, start, and drive vehicles and unlock and open certain residential smart locks without the Bluetooth-based key anywhere in the vicinity.

Tesla Model 3 keycard.

Sultan Qasim Khan, the principal security consultant and researcher with NCC Group, demonstrated the attack on a Tesla Model 3, although he notes that the problem isn’t specific to Tesla. Any vehicle that uses Bluetooth Low Energy (BLE) for its keyless entry system would be vulnerable to this attack.

Many smart locks are also vulnerable, Khan adds. His firm specifically called out the Kwikset/Weiser Kevo models since these use a touch-to-open feature that relies on passive detection of a Bluetooth fob or smartphone nearby. Since the lock’s owner doesn’t need to interact with the Bluetooth device to confirm they want to unlock the door, a hacker can relay the key’s Bluetooth credentials from a remote location and open someone’s door even if the homeowner is thousands of miles away.

How it works

This exploit still requires that the attacker have access to the owner’s actual Bluetooth device or key fob. However, what makes it potentially dangerous is that the real Bluetooth key doesn’t need to be anywhere near the vehicle, lock, or other secured devices.

Instead, Bluetooth signals are relayed between the lock and key through a pair of intermediate Bluetooth devices connected using another method — typically over a regular internet link. The result is that the lock treats the hacker’s nearby Bluetooth device as if it’s the valid key.

As Khan explains, “we can convince a Bluetooth device that we are near it — even from hundreds of miles away […] even when the vendor has taken defensive mitigations like encryption and latency bounding to theoretically protect these communications from attackers at a distance.”

The exploit bypasses the usual relay attack protections as it works at a very low level of the Bluetooth stack, so it doesn’t…

Source…