Photo: TU Berlin
Although Tesla software is one of the most secure in the business, this doesn't mean Tesla EVs are unhackable. In the summer, white hat hackers demonstrated a so-called voltage fault injection attack that allowed unlimited access to the Tesla operating system. Six months later, the vulnerability is still present in Tesla's vehicles.
Tesla has been praised for its software, which is one of the features that make its EVs stand out. It's not only good, but it's also secure, with few vulnerabilities that security researchers (or hackers, god forbid!) could exploit. To make sure it stays that way, Tesla often partners with the white-hat hacker community, sponsoring hacking contests. This involvement allows Tesla to harness the most brilliant ideas in IT security for the benefit of quickly discovering new vulnerabilities in its software.
Earlier this year, during the Pwn2Own hacking contest, security researchers proved that they could gain complete control over Tesla's infotainment system. In this case, the attack used a Bluetooth chipset vulnerability to compromise systems deep within the vehicle, a first for Tesla. The same team also demonstrated how a time-of-check-to-time-of-use (TOCTTOU) attack on Tesla's Gateway energy management system allowed them to gain complete access.
These are the kinds of attacks that only the most sophisticated hackers can carry out. However, a few months later, researchers from Technical University Berlin managed a severe attack using inexpensive tools. They used a voltage fault injection attack to gain root access to the MCU-Z (AMD-based) infotainment system of Tesla EVs. This means complete control over the Tesla operating system and access to Tesla's most sensitive data.
During the Black Hat USA event in Las Vegas, the team showed how they could enable paid features, including the mysterious "Elon Mode." This is like jailbreaking the Tesla infotainment system to gain access to all the functions (including secret ones) for free. However, the implications were much more severe, allowing unscrupulous attackers to decrypt the file system and access private user data. Although the attack required the hackers to have physical access to the MCU-Z infotainment system's board, it's nothing industrial espionage wouldn't do to get access to classified information.
You'd think that knowing about this vulnerability, Tesla patched it to stay on the safe side. However, six months after the Black Hat USA event, things haven't changed. The same team from TU Berlin went further into their research using the same voltage fault injection attack. They were able to extract arbitrary code and user data from the Tesla computer, including cryptographic keys and essential system parts. All they needed were tools that cost around $600.
This allowed them to see, for instance, which data Tesla collects to train its neural networks and which is discarded. The study showed how easy it was to get access to Tesla's intellectual property. This is a boon for rival companies that want to copy Tesla, which certainly have the means and the will to carry out similar attacks on Tesla vehicles. The fact that they need to gain physical access to the circuit board is irrelevant in this case. Potentially, all MCU-Z vehicles are vulnerable to this type of attack since they share similar circuit boards.
Earlier this year, during the Pwn2Own hacking contest, security researchers proved that they could gain complete control over Tesla's infotainment system. In this case, the attack used a Bluetooth chipset vulnerability to compromise systems deep within the vehicle, a first for Tesla. The same team also demonstrated how a time-of-check-to-time-of-use (TOCTTOU) attack on Tesla's Gateway energy management system allowed them to gain complete access.
These are the kinds of attacks that only the most sophisticated hackers can carry out. However, a few months later, researchers from Technical University Berlin managed a severe attack using inexpensive tools. They used a voltage fault injection attack to gain root access to the MCU-Z (AMD-based) infotainment system of Tesla EVs. This means complete control over the Tesla operating system and access to Tesla's most sensitive data.
During the Black Hat USA event in Las Vegas, the team showed how they could enable paid features, including the mysterious "Elon Mode." This is like jailbreaking the Tesla infotainment system to gain access to all the functions (including secret ones) for free. However, the implications were much more severe, allowing unscrupulous attackers to decrypt the file system and access private user data. Although the attack required the hackers to have physical access to the MCU-Z infotainment system's board, it's nothing industrial espionage wouldn't do to get access to classified information.
You'd think that knowing about this vulnerability, Tesla patched it to stay on the safe side. However, six months after the Black Hat USA event, things haven't changed. The same team from TU Berlin went further into their research using the same voltage fault injection attack. They were able to extract arbitrary code and user data from the Tesla computer, including cryptographic keys and essential system parts. All they needed were tools that cost around $600.
This allowed them to see, for instance, which data Tesla collects to train its neural networks and which is discarded. The study showed how easy it was to get access to Tesla's intellectual property. This is a boon for rival companies that want to copy Tesla, which certainly have the means and the will to carry out similar attacks on Tesla vehicles. The fact that they need to gain physical access to the circuit board is irrelevant in this case. Potentially, all MCU-Z vehicles are vulnerable to this type of attack since they share similar circuit boards.
my method predates this newly developed one by several years.
— green (@greentheonly) December 30, 2023
But this new one is very potent.
Google News