Hackers Figured Out How To Unlock Expensive Tesla EV Features Without Paying
Many of the most attractive premium features in Tesla vehicles are things that all of the cars are physically capable of but are locked down at the software level. Since there are always security researchers and hackers trying to pick those proverbial locks, it was inevitable that someone would figure it out. And as of this week, that has finally happened.
According to a new report from TechCrunch, the jailbreak was discovered by three Ph.D. candidate student researchers at Germany's Technische Universität Berlin. They plan on presenting their findings at next week's Black Hat cybersecurity conference in Las Vegas.
"We are not the evil outsider, but we're actually the insider, we own the car," researcher and TU Berlin Ph.D. candidate Christian Werling told TechCrunch. "And we don't want to pay these $300 for the rear heated seats."
Specifically, he and his colleagues used a technique called voltage glitching or a voltage fault injection attack to disrupt the AMD processor that powers the car's Tesla Infotainment System and get it to do their bidding. "If we do it at the right moment, we can trick the CPU into doing something else," Welling added. "It has a hiccup, skips an instruction, and accepts our manipulated code. That's basically what we do in a nutshell."
Researchers say there's no way to patch exploit
According to the report, this new exploit could also enable hackers to activate the $15,000 self-driving feature in regions where it's locked out, though the researchers haven't tried that themselves yet. But since the vulnerability — while affecting software capabilities — is hardware-based, Tesla can't patch it, with the researchers telling TechCrunch that a fix would require replacing the affected hardware. Tesla did not respond to TechCrunch's request for comment on the exploit.
This is far from the first time that Teslas have been hacked, but the effects are much further-reaching than past exploits allowed. Past hacks include discovering the ability to do a targeted takeover of a specific Model S car, shutting it down via a connected laptop, and rooting the Model 3 to run Ubuntu on it, among other tweaks both innocuous and malevolent. Tesla tries to keep an eye on such efforts, though, as one driver found out in 2014 when the Tesla service center called him after he used an exploit to install Firefox on their Model S's dashboard displays.