A team of researchers from Germany has successfully jailbroken a Tesla Model 3, granting unrestricted access to in-car features that are typically available as paid upgrades.
The group of white hat hackers, consisting of three students from Technische Universität Berlin in Germany, disclosed that they found a method to hack into the hardware powering the Tesla Model 3’s infotainment system, effectively jailbreaking the vehicle.
According to one of the students, the attack required physical access to the car, a scenario in which their jailbreak could prove beneficial. For instance, it could cater to owners who prefer not to pay extra for upgrades that are already present in their vehicle, such as heated rear seats.
“We are not the evil outsider, but we’re actually the insider, we own the car. And we don’t want to pay these $300 bucks for the rear heated seats,” explained Christian Werling, during an interview with TechCrunch ahead of the Black Hat cybersecurity conference in Las Vegas, where the team will present their research.
It is worth noting that newer Tesla Model 3 vehicles come equipped with heated rear seats as standard, which implies that the researchers worked on an older model.
The researchers employed a technique called “voltage glitching” to execute the jailbreak. They tampered with the supply voltage of the AMD processor responsible for running the infotainment system.
Werling elaborated, stating that they manipulated the CPU at the right moment, inducing a hiccup that caused it to skip an instruction and accept their modified code. This process facilitated the jailbreak.
Utilizing the same technique, the researchers claimed to have obtained the encryption key responsible for authenticating the car to Tesla’s network. While this discovery could potentially open the door to various other attacks, they asserted that they need to further explore the possibilities.
Nevertheless, with access to the encryption key, the researchers managed to extract critical personal information from the car. This included contacts, call logs, recent calendar appointments, locations the car visited, Wi-Fi passwords, and session tokens from email accounts, among other sensitive data. The researchers highlighted that this type of information could be attractive to individuals who do not own a specific Tesla Model 3 vehicle but have physical access to it.
The team also noted that the only effective defense Tesla can implement against this type of hardware-based attack is to replace the affected hardware components.
