The researchers will present their research next week at the Black Hat cybersecurity conference in Las Vegas.

Christian Werling, one of the three students at Technische Universität Berlin who conducted the research along with another independent researcher, said that their attack requires physical access to the car, but that’s exactly the scenario where their jailbreak would be useful.

“We are not the evil outsider, but we’re actually the insider, we own the car,” Werling told TechCrunch in an interview ahead of the conference. “And we don’t want to pay these $300 for the rear heated seats.”

The technique they used to jailbreak the Tesla is called voltage glitching. Werling explained that what they did was “fiddle around” with the supply voltage of the AMD processor that runs the infotainment system.

“If we do it at the right moment, we can trick the CPU into doing something else. It has a hiccup, skips an instruction and accepts our manipulated code. That’s basically what we do in a nutshell,” he said.

With the same technique, the researchers said they were also able to extract the encryption key used to authenticate the car to Tesla’s network. In theory, this would open the door for a series of other attacks, but the researchers said they still have to explore the possibilities in this scenario.

The researchers said they were also able to extract personal information from the car such as contacts, recent calendar appointments, call logs, locations the car visited, Wi-Fi passwords and session tokens from email accounts, among others. This is data that could be attractive to people who don’t own that particular car, but still have physical access to it.

Mitigating the hardware-based attack that the researchers achieved is not simple. In fact, the researchers said, Tesla would have to replace the hardware in question.

Tesla did not respond to a request for comment.

  • MrPoopyButthole@lemmy.world
    link
    fedilink
    English
    arrow-up
    109
    arrow-down
    1
    ·
    11 months ago

    If I rent something then feel free to offer me upgrades to that rental (like rear heated seats) but if I purchased the product then fuck off its mine and I should be able to do what I want with all of its hardware.

    • remotelove@lemmy.world
      link
      fedilink
      English
      arrow-up
      27
      ·
      11 months ago

      I feel the same.

      If I ever get a Tesla, which I won’t, it would get hacked to shreds. I am not a fan of getting something sold to me that I already purchased.

      • Black_Gulaman@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        11 months ago

        The only problem I see with that is, once they notice that you tampered with the car, they will deny service of repair and maintenance work.

          • Black_Gulaman@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            1
            ·
            edit-2
            11 months ago

            yeah they do that to legit customers. but I’m assuming that they have a special kind of “package” for those who dare circumvent the drm implemented by Elon. because, as we know, he has a fragile ego and defying him would mean unleashing his petty hell unto these customers.

    • Thorny_Thicket@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      4
      ·
      11 months ago

      I wish people would apply this logic to Apple aswell but they generally seem to let it slide because they like the company

      • gapbetweenus@feddit.de
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        3
        ·
        11 months ago

        I use a macbook, what functions are looked behind a paywall? Curious what am I missing.

        • Thorny_Thicket@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          2
          ·
          11 months ago

          I’m not sure about macs but on iPhones several components are coded to that specific device so it limits functions if you take it get repaired anywhere else but at Apple.

          • gapbetweenus@feddit.de
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            2
            ·
            11 months ago

            Ah, forgot about it - don’t have an iPhone. But that is also really shitty, but a bit different. Apple has for sure some shitty practices - there is no arguing around it.

            • Thorny_Thicket@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              1
              ·
              11 months ago

              The main point is that since it’s your device you should be allowed to do what ever you like with it including repair it yourself. In that case it feels a bit like you’re renting it because every time something goes wrong you need to take it back to Apple.

              • gapbetweenus@feddit.de
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                11 months ago

                No arguing from my side. Now that you say it - I need to replace a battery on an older macbook and don’t do it, because it’s expensive and I’m too lazy to do it my self, since it’s unnecessary complicated.

      • Dark_Blade@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        With Apple, people generally let it slide because electronics aren’t as expensive and don’t last as long. Cars, on the other hand, are extraordinarily expensive and they’re supposed to last a lot longer than a phone.

        Plus, at least Apple doesn’t (for example) charge you extra just to ‘unlock’ more performance on your phone.

    • Solivine@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      2
      ·
      11 months ago

      Well that’s the future they want anyway - for you to own nothing and be happy