Researchers jailbreak a Tesla to get free in-car feature upgrades
Reading Time: 2 minutesA group of researchers said they have found a way to hack the hardware underpinning Tesla’s infotainment system, allowing them to get what normally would be paid upgrades — such as heated rear seats — for free.
The researchers will present their research next week at the Black Hat cybersecurity conference in Las Vegas.
Christian Werling, one of the three students at Technische Universität Berlin who conducted the research along with another independent researcher, said that their attack requires physical access to the car, but that’s exactly the scenario where their jailbreak would be useful.
The technique they used to jailbreak the Tesla is called voltage glitching. Werling explained that what they did was ‘fiddle around’ with the supply voltage of the AMD processor that runs the infotainment system.
‘If we do it at the right moment, we can trick the CPU into doing something else. It has a hiccup, skips an instruction and accepts our manipulated code. That’s basically what we do in a nutshell,’ he said.
With the same technique, the researchers said they were also able to extract the encryption key used to authenticate the car to Tesla’s network. In theory, this would open the door for a series of other attacks, but the researchers said they still have to explore the possibilities in this scenario.
The researchers said they were also able to extract personal information from the car such as contacts, recent calendar appointments, call logs, locations the car visited, Wi-Fi passwords and session tokens from email accounts, among others. This is data that could be attractive to people who don’t own that particular car, but still have physical access to it.
Mitigating the hardware-based attack that the researchers achieved is not simple. In fact, the researchers said, Tesla would have to replace the hardware in question.
Tesla did not respond to a request for comment.
- Russia-backed hackers used Microsoft Teams to breach government agencies
- Mondee security lapse exposed flight itineraries and unencrypted credit card numbers
- HackerOne lays off 12% workforce as ‘one-time event’
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG