'Unpatchable' vulnerability in Tesla's AMD chips allows free access to the cars' paywalled features

News
By Katie Wickens
published

A flaw on the AMD chip means penny-pinching Teslas can indeed be jailbroken.

Tesla 2021 Model S interior
(Image credit: Tesla)

Tesla has been locking certain features for vehicle owners behind a paywall. Dumb as it sounds to have to deal with in-car purchases after you've already paid for the car outright, Tesla isn't the only car manufacturer doing this, but its owners are asked to pay extra for things like faster acceleration and heated rear car seats. And there are inevitably those who have been searching for a backdoor—and find one, they have. 

It comes in the form of an unpatchable chip flaw in the architecture of Tesla's AMD chips. For context this is the same AMD RDNA 2-based Ryzen APU that allows for Steam integration actually in the car when parked up (found in Tesla's 2021-2022 Model X, and Model S and 2022 Model 3 and Model Y). It's also the one that had to be patched after overheating issues were spotted.

As Hot Hardware notes, TU Berlin researchers have been able to bypass some of Tesla's software locks thanks to a voltage fault injection attack on the AMD Security Processor (ASP). While the architecture flaw might be an issue when it comes to user privacy, at least it'll let you bypass Musk's cheeky paywall.

As the researchers note, a physical flaw in Tesla's third-generation Media Control Unit (MCU-Z) "gives us two distinct capabilities: First, it enables the first unpatchable AMD-based 'Tesla Jailbreak', allowing us to run arbitrary software on the infotainment. Second, it will enable us to extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."

Your next upgrade

(Image credit: Future)

Best CPU for gaming: The top chips from Intel and AMD
Best gaming motherboard: The right boards
Best graphics card: Your perfect pixel-pusher awaits
Best SSD for gaming: Get into the game ahead of the rest

In gaining root permissions, the researchers have been able to make changes to the Linux system underpinning Tesla's AMD hardware, and "decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc. On the other hand, it can also benefit car usage in unsupported regions".

Of course, it means users are susceptible to hackers accessing their private data. But when your back seats are heated for free, what's there to complain about really?

Katie Wickens
Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been demystifying tech and science—rather sarcastically—for three years since. She can be found admiring AI advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. She's been heading the PCG Steam Deck content hike, while waiting patiently for her chance to upload her consciousness into the cloud.

See comments