
Researchers say Tesla cars can be jailbroken to unlock paid features free of charge.

2025-03-26 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)11/24 Report--

CTOnews.com, Aug. 3 (Xinhua). According to a team of academic researchers, the in-car infotainment system of Tesla electric vehicles has an almost unpatchable vulnerability that allows car owners to unlock a range of paid features for free, including improved acceleration and heated seats. The researchers also found that it is possible to move from the infotainment system to the internal network Tesla uses for vehicle authentication, which opens up further possibilities, including bypassing geographical restrictions on navigation and self-driving and moving a Tesla "user profile" to another car.

According to CTOnews.com, all the latest Tesla cars are equipped with an AMD-based infotainment system called MCU-Z, which can receive over-the-air (OTA) updates that enable advanced features.

This system is the target of a group of doctoral students at the Technical University of Berlin and independent researcher Oleg Drokin. They will present the study for the first time at the Black Hat conference in the United States next week, in a talk entitled "2023 electric car jailbreak or how to turn on Tesla's x86-based heated seat."

The researchers found that, given physical access to the car's infotainment and connectivity ECU (ICE) board, a known voltage fault injection attack could bypass the AMD Secure Processor (ASP) of MCU-Z. Doctoral student Christian Werling said: "Currently, our attacks can be carried out by professionals with some electrical engineering background, using a soldering iron and additional hardware purchased for about $100. We recommend using a Teensy 4.0 development board for voltage fault injection, which makes it easy to use our open source attack firmware. An SPI flash programmer is also needed, and a logic analyzer can greatly help debug the entire attack."

Werling explained that voltage fault injection not only gains root access and allows arbitrary software to run on MCU-Z to unlock some paid functions, but that this access is almost irrevocable. "Although (voltage fault injection) is more difficult to perform than pure software attacks, the vulnerability cannot be fixed without upgrading the CPU. The root permissions we have obtained allow arbitrary modifications to Linux, and these changes can persist after the car is restarted and updated."

After successfully performing a fault injection attack to bypass ASP, the team was able to reverse engineer the process and eventually extract the vehicle's unique, hardware-bound RSA key for authentication and authorization to Tesla's internal service network.

"There is also a higher privilege level on the system to store keys for vehicles connecting to Tesla's network," Werling explained. "Using the same attacks and complex reverse engineering of firmware-based trusted platform modules (TPM), we were able to extract these keys."

The team found that having these keys opened up a range of additional possibilities for car owners, including bypassing geofences for advanced features.

"Tesla has locked some functions, the most common of which is maps," said independent researcher Drokin. "Only a few areas support maps, and if the vehicle happens to be outside these areas, users have no navigation support at all."

He also pointed out that vehicles in North America can use FSD Beta, while Tesla cars in Europe cannot, and such an attack "can help lift these restrictions, although it requires more reverse engineering."

In addition, with the key that Tesla uses to authenticate the vehicle, the identity of the vehicle can be transferred to another on-board computer. Drokin points out that this can come in handy if the processor is damaged. "The Model 3 on-board computer on eBay costs between $200 and $400, while Tesla sells it for $1700 to $2700 (depending on the model)," he explained. "If you just reuse ICE without configuring the key, you will lose all Tesla services for the vehicle, including application access, software and map updates."
