A security researcher along with three PhD students from Germany have reportedly found a way to exploit Tesla’s current AMD-based cars to develop what could be the world’s first persistent “Tesla Jailbreak.”
The team published a briefing ahead of their presentation at next week’s Blackhat 2023. There, they will present a working version of an attack against Tesla’s latest AMD-based media control unit (MCU). According to the researchers, the jailbreak uses an already-known hardware exploit against a component in the MCU, which ultimately enables access to critical systems that control in-car purchases—and perhaps even tricking the car into thinking these purchases are already paid for.
“Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities,” wrote the researchers in the briefing. “More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying.”
Separately, the attack will allow researchers to extract a vehicle-specific cryptography key that is used to authenticate and authorize a vehicle within Tesla’s service network.
According to the researchers, the attack is unpatchable on current cars, meaning that no matter what software updates are pushed out by Tesla, attackers—or perhaps even DIY hackers in the future—can run arbitrary code on Tesla vehicles as long as they have physical access to the car. Specifically, the attack is unpatchable because it’s not an attack directly on a Tesla-made component, but rather against the embedded AMD Secure Processor (ASP) which lives inside of the MCU.
It’s unclear of the specifics of this attack, at least until next week’s talk, but researchers say that they use “low-cost, off-the-self hardware” to accomplish it. This attack is complicated, but using a previous presentation at Black Hat 2022 given in part by Niklas Jacob…