‘Unpatchable’ Security Flaw in Tesla’s AMD Chips Enables Unauthorized Access to Paywalled Vehicle Features

An inherent vulnerability has been identified in the AMD chips used by Tesla that lets individuals access premium features initially locked behind a paywall. While having to pay extra for certain functionality after purchase might seem counterintuitive, Tesla is not alone in this approach; other automakers implement similar strategies. The paid add-ons include accelerated performance and heated rear seats. Predictably, a subset of users has been actively seeking alternative routes to unlock these features, and they have succeeded.

The vulnerability results from an unalterable flaw in the architecture of Tesla’s AMD chips. For context, these chips, based on the AMD RDNA 2 architecture, specifically the Ryzen APU, serve various purposes, such as running Steam directly in the parked vehicle. They are used in Tesla’s 2021-2022 Model X and Model S, and in the 2022 Model 3 and Model Y. Notably, these chips had previously required patching due to overheating concerns.

Reports from Hot Hardware highlight that researchers from TU Berlin have circumvented some of Tesla’s software locks using a voltage fault injection attack against the AMD Security Processor (ASP). The architectural weakness raises privacy concerns, but it also makes it possible to bypass Tesla’s paywall for certain features.

According to the researchers’ findings, the flaw in Tesla’s third-generation Media Control Unit (MCU-Z) offers two distinct capabilities. First, it allows an unpatchable ‘Tesla Jailbreak’ on AMD-based systems, enabling the execution of arbitrary software on the infotainment platform. Second, it enables the extraction of a hardware-bound RSA key, typically unique to each vehicle, which is used for authentication and authorization within Tesla’s internal service network.

Upon gaining root permissions, the researchers have been able to manipulate the underlying Linux system of Tesla’s AMD hardware. This has allowed them to decrypt the encrypted NVMe storage and gain access to private user data like phonebook entries, calendar information, and more. Furthermore, this access could extend to enhancing vehicle functionalities in regions that are not officially supported.

However, it is essential to acknowledge the security risks associated with this vulnerability, as unauthorized access could lead to hackers obtaining users’ private information. Nonetheless, the allure of complimentary premium features, such as heated seats, could lead some to overlook these concerns.
