According to recent reports, there are claims that specific individuals have found a method to access self-driving updates and other premium features on Tesla cars without paying for them. A team of researchers from TU Berlin has discovered an unpatchable “jailbreak” that enables people to take advantage of the hack without replacing the vehicle’s hardware; this makes it impossible for Tesla to prevent the exploit from being utilized.
“Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities,” wrote the researchers in the briefing. “More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying.”
Recent reports state that researchers have found a vulnerability in Tesla’s in-car system that allows hackers to extract a unique cryptography key to authenticate and authorize a vehicle within its service network. The technique used to exploit this vulnerability is unpatchable on current Tesla cars, meaning that attackers with physical access to the car can run arbitrary code on the vehicle, regardless of any software updates Tesla may push out; this is due to the attack being directed at the embedded AMD Secure Processor (ASP) inside the Media Control Unit (MCU) rather than a Tesla-made component. Tesla must address this flaw and ensure their customers’ safety and security.