A group of researchers from Technische Universität Berlin jailbroke their Tesla Model 3 so that they could bypass the cost of upgrades like rear-heated seats and other vehicle add-ons, and they will present their techniques next week at a cybersecurity conference in Las Vegas.
Christian Werling, one of the three researchers from the institute in Berlin, said they used “voltage glitching” to manipulate the supply voltage of the AMD processor that runs the Model 3’s infotainment system.
“If we do it at the right moment, we can trick the CPU into doing something else. It has a hiccup, skips an instruction, and accepts our manipulated code. That’s basically what we do in a nutshell,” Werling said in an interview with TechCrunch.
Initially, the glitching enabled the three researchers to enable the rear-heated seats in their car. “We are not the evil outsider, but we’re actually the insider. We own the car. And we don’t want to pay $300 bucks for the rear heated seats,” he added.
That was not the only thing they were able to accomplish. Additionally, they were able to extract the decryption key that authenticates the car in Tesla’s network.
This hack seems much more sinister than $300 rear-heated seats, especially as they were able to pull critical personal information like recent calendar appointments, contact lists, call logs, WiFi passwords, and even locations the vehicle visited.
It is a vulnerability that will likely catch Tesla’s attention. Tesla has encouraged security researchers to try and find vulnerabilities and open windows for hacking and has offered sizeable cash prizes, and even a Model 3, to those who are able to break through and expose shortcomings in Tesla’s cybersecurity systems.
For example, in March, Synactiv, a hacking group, successfully gained access to a Model 3 by altering internal files to gain access to the vehicle’s system.
Tesla cybersecurity measures fail, hackers win Model 3 at hacking event
The team won the Model 3 that they hacked.
I’d love to hear from you! If you have any comments, concerns, or questions, please email me at joey@teslarati.com. You can also reach me on Twitter @KlenderJoey, or if you have news tips, you can email us at tips@teslarati.com.
