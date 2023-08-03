Software-locked features in vehicles are becoming increasingly common, requiring owners to pay or subscribe to unlock them. Tesla has been at the forefront of this trend, allowing owners to activate features through software updates since the company designed its vehicles with the same hardware. These features include heated seats, acceleration boost, and the Full Self-Driving package, priced at $15,000.

A group of security researchers at TU Berlin, known as hackers, have revealed that they have discovered a vulnerability in Tesla’s onboard computer system that allows them to unlock these software-locked features. By exploiting this weakness, users can access these features without paying. The hackers plan to present their findings in a presentation titled “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater” next week.

The exploit requires physical access to the vehicle and involves a “voltage fault injection attack” on the AMD-based infotainment system. By utilizing a low-cost hardware setup, the hackers were able to subvert the early boot code of the AMD Secure Processor, which is the root of trust for the system. This allowed them to gain control over the system and run arbitrary software on the infotainment.

The hackers also claim that their “Tesla Jailbreak” is unpatchable and can extract a unique hardware-bound RSA key used for authentication and authorization within Tesla’s internal service network. They believe that with further reverse-engineering, they can unlock virtually all software-locked features, including Full Self-Driving.

It is common for hackers to share these exploits with Tesla to help the company improve its system security. However, in this case, the hackers have stated that they believe Tesla’s security is better than other automakers. Tesla has made significant efforts to enhance its cyber security measures in recent years.

Overall, the hackers’ findings highlight the vulnerability of software-locked features in vehicles and emphasize the importance of robust security measures in place to protect against unauthorized access and exploitation.