A group of researchers found a way to hack a Tesla's hardware with the goal of getting free in-car upgrades, such as heated rear seats.
The researchers will present their research next week at the Black Hat cybersecurity conference in Las Vegas.
Christian Werling, one of the three students at Technische Universität Berlin who conducted the research along with another independent researcher, said that their attack requires physical access to the car, but that’s exactly the scenario where their jailbreak would be useful.
“We are not the evil outsider, but we’re actually the insider, we own the car,” Werling told TechCrunch in an interview ahead of the conference. “And we don’t want to pay these $300 for the rear heated seats.”
The technique they used to jailbreak the Tesla is called voltage glitching. Werling explained that what they did was “fiddle around” with the supply voltage of the AMD processor that runs the infotainment system.
“If we do it at the right moment, we can trick the CPU into doing something else. It has a hiccup, skips an instruction and accepts our manipulated code. That’s basically what we do in a nutshell,” he said.
With the same technique, the researchers said they were also able to extract the encryption key used to authenticate the car to Tesla’s network. In theory, this would open the door for a series of other attacks, but the researchers said they still have to explore the possibilities in this scenario.
The researchers said they were also able to extract personal information from the car such as contacts, recent calendar appointments, call logs, locations the car visited, Wi-Fi passwords and session tokens from email accounts, among others. This is data that could be attractive to people who don’t own that particular car, but still have physical access to it.
Mitigating the hardware-based attack that the researchers achieved is not simple. In fact, the researchers said, Tesla would have to replace the hardware in question.
If I rent something then feel free to offer me upgrades to that rental (like rear heated seats) but if I purchased the product then fuck off its mine and I should be able to do what I want with all of its hardware.
With Apple, people generally let it slide because electronics aren’t as expensive and don’t last as long. Cars, on the other hand, are extraordinarily expensive and they’re supposed to last a lot longer than a phone.
Plus, at least Apple doesn’t (for example) charge you extra just to ‘unlock’ more performance on your phone.
You’d be surprised. To make two different models, one without heated seats may very well cost more than just making one model with all the features built in. Now the cheaper version which normally wouldn’t have these features at all actually does have them but they’re disabled and that’s why you paid less for it.
Tesla 85D and 100D both have the same battery pack too but on 85D it’s digitally limited to smaller range and that’s why it’s cheaper.
Cost of equipment wasted vs cost of setting the plant up to make multiple option packages. Also, if you force someone to make a decision when they initially buy the vehicle, then you permanently never get that upgrade on that vehicle. However, if someone can chose later that they want heated seats then they might make the sale when the owner is sitting in their car on a cold winter morning freezing their butt off. Or, if the second owner wants it. All I’m saying is the cost of providing different manufacturing options vs the possible profits of someone purchasing it later, it is probably more profitable for them to do what they are doing. Otherwise they wouldn’t be doing it.
This isn’t something new it’s been around in the auto industry for decades, way back in the day you would have to run the wiring if a customer purchased a towing package, they changed that over time by basically having the wire harnesses pre wired and instead you would just add a couple of plug and play components, the newest versions of this is software unlocks, they just got rid of the actual hardware stuff
You don’t think they gift you heated seats do you? You pay for it, that’s part of the purchase price. They even save money because they don’t have to stock or install different types of seats.
Then you pay for it, and if you want to use it, you’ll pay for it again.
Welcome to the future. You’ll own nothing and you’ll be happy.
You might be laughing at the fog, but you aren’t far from the truth period take a moment to look into the John Deere hacker’s period you have these rough black farmers learning how to hack their combined machines, so they can work on them without having to have proprietary software, it is quite interesting and amazing period
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
How long till Ol Musky sues them for some stupid reason?
If I rent something then feel free to offer me upgrades to that rental (like rear heated seats) but if I purchased the product then fuck off its mine and I should be able to do what I want with all of its hardware.
I wish people would apply this logic to Apple aswell but they generally seem to let it slide because they like the company
With Apple, people generally let it slide because electronics aren’t as expensive and don’t last as long. Cars, on the other hand, are extraordinarily expensive and they’re supposed to last a lot longer than a phone.
Plus, at least Apple doesn’t (for example) charge you extra just to ‘unlock’ more performance on your phone.
Well that’s the future they want anyway - for you to own nothing and be happy
I feel the same.
If I ever get a Tesla, which I won’t, it would get hacked to shreds. I am not a fan of getting something sold to me that I already purchased.
So they install heated seats and then make you pay to unlock them?
That seems… not cost-effective
You’d be surprised. To make two different models, one without heated seats may very well cost more than just making one model with all the features built in. Now the cheaper version which normally wouldn’t have these features at all actually does have them but they’re disabled and that’s why you paid less for it.
Tesla 85D and 100D both have the same battery pack too but on 85D it’s digitally limited to smaller range and that’s why it’s cheaper.
Cost of equipment wasted vs cost of setting the plant up to make multiple option packages. Also, if you force someone to make a decision when they initially buy the vehicle, then you permanently never get that upgrade on that vehicle. However, if someone can chose later that they want heated seats then they might make the sale when the owner is sitting in their car on a cold winter morning freezing their butt off. Or, if the second owner wants it. All I’m saying is the cost of providing different manufacturing options vs the possible profits of someone purchasing it later, it is probably more profitable for them to do what they are doing. Otherwise they wouldn’t be doing it.
This isn’t something new it’s been around in the auto industry for decades, way back in the day you would have to run the wiring if a customer purchased a towing package, they changed that over time by basically having the wire harnesses pre wired and instead you would just add a couple of plug and play components, the newest versions of this is software unlocks, they just got rid of the actual hardware stuff
You don’t think they gift you heated seats do you? You pay for it, that’s part of the purchase price. They even save money because they don’t have to stock or install different types of seats.
Then you pay for it, and if you want to use it, you’ll pay for it again.
Welcome to the future. You’ll own nothing and you’ll be happy.
You wouldn’t download rear-heated seats.
TIL “Researchers” = Pirates. Sexy pirates.
I love the idea of some shady-ass looking garage with Cletus the slack jawed yokel charging Tesla owners for a good ole hackin’
You might be laughing at the fog, but you aren’t far from the truth period take a moment to look into the John Deere hacker’s period you have these rough black farmers learning how to hack their combined machines, so they can work on them without having to have proprietary software, it is quite interesting and amazing period
Borderlands vibes lol