Tesla electric cars are known for their unconventional approach in providing premium options to buyers. Rather than purchasing a fully loaded version, buyers have the option of buying a basic version and unlocking additional features through a paid subscription. This allows Tesla to earn more from car owners, as the basic version intentionally has limited functionality.
A team of researchers from the Technical University Berlin, along with independent researcher Oleg Drokin, have discovered a security vulnerability in Tesla cars. Using this vulnerability, they successfully conducted a full and irreversible jailbreak of the car’s onboard computer, allowing owners to unlock many paid functions. These unlocked privileges range from improved network throughput to faster acceleration and heated seats.
In their research, the team also found that this hacking technique provides access to Tesla’s internal network for car authentication. This opens up possibilities for advanced settings, such as removing navigation and autopilot geolocation restrictions, as well as transferring user profiles to other cars.
While potential attackers could use this vulnerability to gain access to personal data, it would require extended access to the car and tinkering with the attack. The researchers plan to present the details of this vulnerability at the upcoming Black Hat conference in Las Vegas.
To achieve their findings, the researchers used a voltage attack to undermine the security of the AMD Security Processor processor, which is fundamental to the system’s confidence. The result of the attack grants the user ROOT access, which provides full control over the car’s functions and files. This includes the ability to install and delete software, change system settings, and manipulate files throughout the system.
Although ROOT access can be useful for experienced users and developers, it also carries risks. Making incorrect changes or installing malicious software can potentially damage the device or compromise its safety.