Here’s How to Get Tesla’s $300 Seat Warming for Free Via Hotwiring
LAS VEGAS–A successful hack of a Tesla Model 3’s electronics yielded an unusual real-world benefit: warmer backsides in the back seat.
In a talk Tuesday at the Black Hat security conference here, a team of German researchers explained how they were able to stage a voltage-glitch attack to defeat the boot-integrity defenses on that battery-electric car. That then let them activate its rear-seat warmers for free instead of paying the $300 (since lowered to $200) Tesla had charged to activate that feature.
“You just want to activate some features you'd normally have to pay for,” explained Christian Werling, a PhD student at Technical University Berlin.
But Tesla did not make that easy, as he and his colleagues in this project found out when they investigated the multiple layers of defense Tesla has erected–somewhat like the boot-integrity measures on an iPhone–to ensure that only its code runs on its cars.
“What you see here is a chain of trust,” Werling said as a slide showed the series of code checkpoints a Tesla goes through at each startup, beginning with software embedded in its AMD Secure Processor.
Those defenses thwarted the group’s attempts to insert their own code at later stages of the bootup process, so they instead began researching glitching attacks–in which a precisely timed electrical or electromagnetic disruption interrupts a processor’s operation enough to scramble its output.
To administer the electric-voltage glitch, the team built a “teensy microcontroller,” as researcher Niclas Kühnapfel described it, that would drop the voltage going to the AMD chip at the right instant and then inject the desired code. A video showed this failing more than 10 times in a row before succeeding, at which point the
Read more on pcmag.com
