AMD Chip Flaw Allows Free Tesla Paid Car Features And It's Unpatchable

A Tesla vehicle being charged.
Some automakers are accelerating towards a future in which certain features sit behind a software paywall, sort of like how microtransactions and DLC work in the PC and console gaming space. Tesla is one of them—for example, Model Y Long Range owners can pay extra to unlock features like heated rear seats and faster acceleration. Or they can apparently jailbreak their vehicle courtesy of an unpatchable AMD chip flaw, as researchers at TU Berlin have discovered.

What the security researchers found it is possible to exploit Tesla's third-generation Media Control Unit (MCU-Z) that powers the in-car display and its associated functions. Unlike the first-gen MCU0/1 based on NVIDIA's Tegra 3 SoC and second-generation MCU2 with Intel Atom guts, the third-gen MCU-Z runs on a custom AMD Ryzen SoC.

"[The chip flaw] gives us two distinct capabilities: First, it enables the first unpatchable AMD-based 'Tesla Jailbreak', allowing us to run arbitrary software on the infotainment. Second, it will enable us to extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network," the researchers explain.

Render of the interior of a Tesla Model Y

The researchers discovered they could bypass software locks on certain features using a known voltage fault injection attack against the AMD Security Processor (ASP), which serves as the root of trust of the platform. Furthermore, it doesn't require expensive hardware or gadgets to bypass the built-in security—the researchers said they used low-cost, off-the-shelf hardware to subvert the ASP's initial boot code, to then reverse engineer the boot flow to gain deep access that normally would be untouchable.

"Our gained root permissions enable arbitrary changes to Linux that survive reboots and updates. They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc. On the other hand, it can also benefit car usage in unsupported regions," the researchers say.

This all amounts to a jailbreak for users who are determined to bypass Tesla's security locks. This presents an obvious security concern, as it makes an owner's private data susceptible to hackers, though it requires physical access to the vehicle.

Outside of that, however, the researchers say this method can be used to unlock certain paid features for free. It's not clear if that also includes more expensive amenities such as Enhanced Autopilot and/or Full Self-Driving functionality, which cost $6,000 and $15,000, respectively. At the very least, however, it sounds like hundreds of dollars worth of paid features are accessible with this exploit. And being supposedly unpatchable, it means Tesla can't simply roll out a software update to mitigate it.

The researchers plan to discuss their findings in more detail during the Black Hat conference on August 9.