Jailbreaking Teslas at Black Hat USA 2023

At Black Hat USA 2023, a team of German researchers announced a vulnerability that allows anyone to jailbreak (unlock) premium features which the Tesla company charges its customers extra to use. The vulnerability reported Wednesday is an attack against Tesla's latest AMD-based media control unit (MCU). According to the researchers, their jailbreak uses an already-known hardware exploit against a component in the MCU. It was responsibly reported to Tesla and fixed in a 2022.44 update, however the researchers said other attack vectors might still be possible.

In a pre-conference abstract, the researchers said they focused on the MCU because “Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying." Their talk showed how the exploit allowed them to gain access to heated rear seats, a feature that typically costs about $300 USD.

‍

The Vulnerability

According to the researchers—Christian Werling, Niclas Kuhnapfel, Hans Niklas Jacob (from TU Berlin) and Oleg Drucken (independent)—the jailbreak uses an already-known hardware exploit against a component in the MCU allowing them to run arbitrary code on on the infotainment system. The attack also uses glitching, a method of interrupting the voltage during boot to interrupt the authentication and authorization sequence. This allows an attacker to inject their own code into the sequence. It also allows an attacker to extract a unique hardware-bound RSA key used to authenticate and authorize a vehicle within Tesla's internal service network.

The root permissions enabled by exploiting this attack will allow arbitrary changes to Linux that the researchers say survive reboots and updates. Armed with this vulnerability, an attacker could further decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc.

‍

Why Can’t It Stay Patched?

The problem isn’t in the code that Telsa controls. The vulnerability is within the AMD MCU chip itself. It's how the chip was designed, how the firmware inside the chip operates, that is where the initial vulnerability can be accessed. From there, it can be chained to other vulnerabilities, which Tesla has now patched. Unfortunately, others may chain new software vulnerabilities against hardware flaw and provide similar results.

The AMD chip is not unique to Tesla, so other manufacturers could be affected.

‍

Not the First Tesla Hack (Nor the Last)

Tesla is the most prominent electric vehicle on the road, and so it attracts the most attention among researchers. The flaws found are sometimes unqiue to Tesla, and other times representative of other vehicles on the road.

For example, at CanSecWest 2022, researcher Martin Herfurt announced a new tool, TeslaKee, which he hopes will prevent wireless key attacks from happening. This is an attack that uses Bluetooth to replay mobile key commands to open doors and turn on the ignition. You can hear more about that attack in this episode of The Hacker Mind:

At CanSecWest 2021, there was another remote attack on Teslas. In a rather cool video, researchers Ralf-Philipp Weinmann, CEO of Kunnamon, and Benedikt Schmotzle of Comsecuris demonstrated at CanSecWest 2021 how a DJI Marvic 2 drone could fly over a Tesla Model X and pop open it’s doors and flash its headlights. The two researchers found the wireless communication vulnerability using AFL fuzzing. As detailed in the technical report and website created by the researchers, the vulnerability known as the T Bone attack lies within the open source Connman network manager utility (version 1.37 and earlier).

Unfortunately, given that it is open source software, the vulnerable software is not just in Tesla but other cars as well. As reported by The Drive, ConnMan is included in Bosch's Open Source Software license disclosure for Nissan Connect, Nissan AIVI, Infiniti InTouch, Renault, Suzuki, General Motors (for the model year 2019 and older Chevrolet, GMC, Buick, and Opel vehicles), and Hyundai. That vulnerability has also been fixed.

You can see the flaw for yourself within Mayhem using this GitHub example.

{{code-cta}}

‍

‍