Researchers Find AMD Chip Flaw in Tesla Vehicles
Researchers from TU Berlin have found a way to exploit an AMD processor flaw in Tesla vehicles that could enable owners to access and even unlock paid feature upgrades without having to pay for them. The researchers have not yet revealed exactly which features can be accessed, but the findings raise concerns about potential vulnerabilities in the electric car manufacturer’s software.
A Tesla spokesperson said, “We are aware of this research and our security teams are in touch with their authors.” The spokesperson added that “software and firmware updates protect against potential exploitation.”
The researchers explain that the attack works on the onboard computer known as MCU-Z, the third-generation MCU, which is based on an AMD Ryzen SoC. The MCU controls the touch screen, navigation, and entertainment systems in Tesla vehicles.
The researchers use a voltage fault injection attack on MCU-Z to enable decryption of objects stored in the Trusted Platform Module (TPM). The TPM is a secure element that stores sensitive data such as cryptographic keys.
The researchers say that after the attack, attackers can gain access to private user data, which in turn enables access to various Tesla subsystems and paid features. Features that the researchers say can be accessed without paying for them include the Cold Weather Feature in 2021 Model 3 SR+ vehicles.
Other features that were previously locked behind a paywall may be accessible as well. The researchers say that their exploit is confirmed to work for unlocking the Cold Weather Feature, but that they believe it can also be used to “unlock various other Tesla subsystems and even paid features.” They add that they will present more details at the Black Hat conference.
“This is basically unpatchable,” the researchers say. “We believe that Tesla has no solution for this at the moment.” They add that the only way for Tesla to mitigate it would be to redesign MCU-Z.
The researchers also note that the attack can extract a unique hardware-bound RSA key for accessing Tesla services. This means that salvage-titled Teslas could potentially access the Supercharging network against Tesla’s intentions.
This isn’t the first time that TU Berlin researchers have found a way to exploit Tesla vehicles. In December 2018, the same research team discovered the original voltage fault injection attack. This flaw allowed them to unlock a Tesla Model S and drive it into a parking garage.
As the research team prepares to present its latest findings at the Black Hat conference, it is possible that they will reveal even more accessible feature upgrades.