Tesla has been locking certain features for vehicle owners behind a paywall. Dumb as it sounds to have to deal with in-car purchases after you've already paid for the car outright, Tesla isn't the only car manufacturer doing this; its owners are asked to pay extra for things like faster acceleration and heated rear seats. Inevitably, there are those who have been searching for a backdoor, and find one they have.
It comes in the form of an unpatchable flaw in the architecture of Tesla's AMD chips. For context, this is the same AMD RDNA 2-based Ryzen APU that allows for Steam integration in the car itself when parked up (found in Tesla's 2021-2022 Model X and Model S, and 2022 Model 3 and Model Y). It's also the one that had to be patched after overheating issues were spotted.
As Hot Hardware notes, TU Berlin researchers have been able to bypass some of Tesla's software locks thanks to a voltage fault injection attack on the AMD Security Processor (ASP). While the architecture flaw might be an issue when it comes to user privacy, at least it'll let you bypass Musk's cheeky paywall.
As the researchers note, a physical flaw in Tesla's third-generation Media Control Unit (MCU-Z) "gives us two distinct capabilities: First, it enables the first unpatchable AMD-based 'Tesla Jailbreak', allowing us to run arbitrary software on the infotainment. Second, it will enable us to extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."
In gaining root permissions, the researchers have been able to make changes to the Linux system underpinning Tesla's AMD hardware, and "decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc. On the other hand, it can also benefit car usage in unsupported regions".
Of course, it means users are susceptible to hackers accessing their private data. But when your back seats are heated for free, what's there to complain about really?