In a groundbreaking demonstration of innovative hacking techniques, researchers from Technische Universität Berlin in Germany have successfully performed a ‘jailbreak’ on a Tesla Model 3, granting unauthorized access to features typically reserved for paid upgrades. Utilizing a unique hardware manipulation technique known as “voltage glitching,” the team bypassed the vehicle’s built-in security measures by manipulating the supply voltage of the AMD processor powering the infotainment system. By causing the CPU to ‘hiccup’ and skip an instruction, they were able to introduce manipulated code.
Jailbreak unlocks paid upgrades in Tesla model 3
One of the students involved in the research, Christian Werling, the potential benefits of this approach, particularly for car owners who are unwilling to pay additional fees for features that are already present in their vehicles. He emphasized their ownership of the car, stating, “We’re not the evil outsider; we own the car. And we don’t want to pay these $300 bucks for the rear heated seats.” This perspective challenges the notion of ‘jailbreaking’ as an inherently malicious act, instead framing it as a means for users to exercise control over their own property.
While the ability to unlock paid upgrades is undoubtedly intriguing, the researchers’ achievement went far beyond accessing in-car features. They were also able to extract the encryption key that authenticates the car to Tesla’s network. This meant that they could gain access to sensitive personal data, including contact details, call logs, calendar appointments, location history, Wi-Fi passwords, and email session tokens. It is worth noting, however, that the team has insisted their research is exploratory in nature and not intended for malicious purposes.
The implications of this discovery are twofold. Firstly, it is a vulnerability in Tesla’s security measures, as the only viable defense against this hardware-based attack appears to be a complete hardware replacement. Secondly, it raises important questions about vehicle cybersecurity and the ongoing ‘right-to-repair’ debate. As cars become increasingly connected and dependent on software, it becomes crucial to ensure that users have the ability to maintain and modify their vehicles without compromising security.
As the Technische Universitat Berlin, researchers prepare to present their findings at the upcoming Black Hat cybersecurity conference in Las Vegas, their work shines a light on the pressing need for improved security measures in the automotive industry. It also serves as a reminder that the true impact of ‘jailbreaking’ extends far beyond unlocking a few features; it prompts us to reflect on our rights as owners and users of digital devices.