Academic researchers jailbreak Tesla’s infotainment system to unlock FSD and more

Tesla revolutionized the automotive industry with its cutting-edge technology. For owners that technology is mostly accessed through the main display inside the vehicle, but a group of academic researchers have recently jailbroken the automaker’s infotainment system allowing them to turn on features such as Acceleration Boost and Full Self-Driving (FSD).

According to the researchers from Technical University Berlin and independent researcher Oleg Drokin, all recent Tesla models feature MCU-Z, an AMD-based infotainment system that facilitates over-the-air (OTA) updates and also enables users to purchase features and software upgrades from within the vehicle.

The researchers discovered that by exploiting a known voltage glitching attack on the Infotainment and Connectivity ECU (ICE) board, they could bypass the AMD Secure Processor (ASP), the system’s root of trust. This glitching attack allowed them to gain root access and execute arbitrary software on the MCU-Z, effectively unlocking some of the paid in-car features without proper authorization, according to a report by DarkReading.

Not only does this exploit open access to paid features such as Acceleration Boost and heated seats, it also allowed them to access Tesla’s internal network for more sophisticated modding. This included breaking geolocation restrictions on navigation and FSD Beta, as well as the ability to transfer a vehicle’s user profile to another Tesla.

While jailbreaking an iPhone was a relatively simple task that almost anyone could do, jailbreaking your Tesla will require some technical know-how.

“Currently, our attack can be applied by people with some electronic engineering background, a soldering iron, and the ability to purchase additional hardware for about $100. We recommend using a Teensy 4.0 Development board for the voltage glitching that is readily usable with our open-sourced attack firmware. An SPI flash programmer is required, and a logic analyzer can greatly help to debug the overall attack,” Ph.D. student Christian Werling says.

While this hack allows Tesla owners to customize their vehicles and access premium features, the research team says it also poses risks. There are of course those who would use it for malicious intent, such as decrypting onboard storage and accessing private user data, including personal information, phonebooks, and calendars. But despite the newfound vulnerabilities, the team applauded Tesla’s commitment to security, which they said is ahead of the rest of the automotive industry.

The team will present their findings next week in Las Vegas at Black Hat USA under the title “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater.” They have not confirmed if they have already informed Tesla of this vulnerability. The automaker is very receptive to the findings of white hat hackers, offering generous rewards for doing so. Tesla also regularly participates in the Pwn2Own hacking contest, having given away hundreds of thousands of dollars and several Teslas over the years to successful hackers.

Are you buying a Tesla? If you enjoy our content and we helped in your decision, use our referral link to get C$2,600/US$2,000 off your purchase.
Previous Article

Tesla Model 3 delivery dates in Europe get pushed back hinting at launch of Project Highland refresh

Next Article

Tesla leases office space in India amid talks of expansion

You might be interested in …

Tesla Autopilot

Two U.S. Senators ask Federal Trade Commission to investigate Tesla’s “deceptive marketing”

On Monday the National Highway Traffic Safety Administration (NHTSA) announced they were launching an investigation into Tesla’s Autopilot driver-assist software following several crashes with emergency vehicles stopped on the side of the road. Now two […]