A rising trend among luxury car manufacturers is to install all the necessary fixtures and features into a car, but to prohibit their use with software locks unless the buyer pays a subscription fee to unlock them.
This approach makes sense in that it makes the manufacturing process a much simpler affair for the factories who assemble the vehicles as they only need to tool up for one run of vehicle specification, thus making the process cheaper and more efficient.
It also makes sense for the buyer, in that if someone cannot afford to have heated seats as an option when they buy the vehicle for example, they can lease the feature at a later date – maybe just during the summer months. Effectively making luxury car ownership a more affordable affair for many.
Target of opportunity
Having such features physically in a vehicle, but unavailable by some form of security control makes for a very nice puzzle for hackers and security researchers.
Once such group of researchers have now found a novel way to unlock all the features of a Tesla Model 3 – and it’s a hack which Tesla wont be bale to fix anytime soon.
You have an upgrade, and you have an upgrade…
Researchers at the Technische Universitat in Berlin, bought a Tesla model 3 and started looking at how the premium features were locked from users.
Rather than try to break the software coding that they systems uses, or crack the encryption that is used to block user access, the researchers turned their attention to the way the AMD processor in the vehicles entertainment system processed signals.
Considering the fact that nearly all the features of a Tesla are accessed and controlled through the entertainment centre, it seemed the logical place to look.
BlackHat 2023 briefing
The research team revealed the full details of how they managed to infiltrate the cars system and unlock all the features at the Blackhat 2023 conference.
The talk was delivered on Wednesday, and at this point in time, no recordings of the briefing have been officially released.
What is known is that the researchers used a technique called voltage fault injection at carefully timed intervals to cause the AMD processor to glitch which allowed for the injection of code which the processor then executed resulting in the researchers obtaining root privledges to the underlying Linux operating system.
The root access allowed the researchers full control of the vehicle, thus allowing them to enable previously locked features, but also the ability to extract user data from the vehicle, such as phone contact data, call logs, wifi- passwords, GPS history, and session tokens from accessed online accounts (email, social media, etc.)
No easy fix
Because the attack targets the physical attributes of the AMD processor, this approach to unlocking features is one which Tesla will not be able to remedy easily
It could mean that all Tesla owners could have free upgrades quite soon, once the full details emerge of how the attack works, it will not take long for others to build plug & play systems to unlock the features on a commercial scale.
