In what sounds like the automotive equivalent of circumventing an online paywall, researchers have hacked Tesla’s infotainment system to unlock some of the features the brand normally charges for. The team behind the effort is scheduled to present its findings at a conference in Las Vegas.
You’re on the wrong track if you’re picturing the researchers huddled in a dark room with wall-to-wall screens, cartoon villain-style. Christian Werling, a student at Technische Universität Berlin who participated in the project, told TechCrunch that unlocking paid features requires getting physical access to the car. It can’t be done wirelessly but once you’re in, you’re in. It’s referred to as “jailbreaking” a car — named for the strategy utilized by owners who decouple their iPhones and other devices from Apple’s rigid walled-garden structure.
“We are not the evil outsider, but we’re actually the insider; we own the car. And, we don’t want to pay these $300 for the rear heated seats,” he told the publication. He added that his team got heated rear seats for free by digging into the hardware that the system is based on.
Leveraging a technique called voltage glitching gave the researchers access to the content. Werling said that his colleagues merely had to “fiddle around” with the supply voltage of the AMD processor that powers the infotainment system. “If we do it at the right moment, we can trick the CPU into doing something else. It has a hiccup, skips an instruction, and accepts our manipulated code,” he explained.
More alarmingly, this trick gave the researches access to a host of personal data stored in the car’s infotainment system. This includes the driver’s list of contacts, calendar appointments, call logs, Wi-Fi passwords, and even some of the locations that the car traveled to.
The researchers haven’t exploited the full potential of their discovery. They told TechCrunch they might be able to gain access to additional paid features, including the Full Self-Driving capability. There might also be a way to make region-specific functions available globally, and the researchers gained access to the encryption key that identifies a specific car on the Tesla network, which could lead to other attacks.
Although we’ve seen Tesla fix numerous bugs, including an earlier security breach, via its over-the-air software updating system, it sounds like this vulnerability will be more difficult to fix. The researchers believe that Tesla will need to replace the hardware that they’re tapping into.
We’ll learn more about how the researchers hacked Tesla’s technology at the Black Hat cybersecurity conference opening on August 5.
Tesla hasn’t commented on the matter.