Technology @lemmy.world ijeff @lemdro.id 2y ago

Unpatchable AMD Chip Flaw Unlocks Paid Tesla Feature Upgrades

www.tomshardware.com Unpatchable AMD Chip Flaw Unlocks Paid Tesla Feature Upgrades

Sorry Elon, but this jailbreak appears to be unpatchable.

Original source: https://www.blackhat.com/us-23/briefings/schedule/index.html#jailbreaking-an-electric-vehicle-in--or-what-it-means-to-hotwire-teslas-x-based-seat-heater-33049

162

Team Red @lemmy.ninja MrEUser @lemmy.ninja 2y ago

Just let the manufacturer hack it for you…

www.tomshardware.com /news/tesla-mcu-amd-asp-flaw-jailbreak

4 0

Technology @beehaw.org ijeff @lemdro.id 2y ago

Unpatchable AMD Chip Flaw Unlocks Paid Tesla Feature Upgrades

www.tomshardware.com /news/tesla-mcu-amd-asp-flaw-jailbreak

4 9

162 comments

For example, 2021 Model 3 SR+ vehicles can enable the Cold Weather Feature (heated steering wheel, heated rear seats) for an extra $300. This feature unlock is confirmed to work with the exploit.

So like cucks people were paying for something that their car already had offline, both hardware- and software-wise.
- No kink shaking please. They like to watch when daddy X smashes their bank accounts, there's nothing wrong with that.
  
  There is a kink where guys get off on sending women money, often without having any contact with her. It's called FinDom.
- Which should be illegal. I get not adding a feature, but software unlocks or subscriptions to hardware you paid for is absurd. Also see Tesla batteries.
  
  You didn't pay for it.
  
  Tesla includes it at loss because it's cheaper than making you a special version without it, and it opens up new sales by reducing the price (e.g the originally locked batteries let them sell a substantially cheaper car than they could have otherwise)
  
  Subscriptions for that should be banned, but including heated seats and making you pay once to access them is fair game.
  
  Manufacturers dont owe you anything for free.
  
  Edit: also, short of something like FSD which depends on future work from Tesla, I don't think they have a right to prevent you from bypassing a lock and accessing those heated seats if you can
- Tesla actually market it as a positive.
  
  Car manufacturers have to setup different manufacturing lines to provide different feature levels. Tesla argue this makes them more expensive. Tesla cars have all features installed, just disabled and the optional extra packages are cheaper compared to their rivals as a result.
  
  To be honest there is a certain logic, if you've ever been in a Ford Focus LX (bottom range) its pretty clear they had to spend quite a bit of money on more basic systems. I honestly thought each LX was sold at a loss
  
  Then make heated seats part of the base model. In the 1950s a heater was an optional accessory, but became standard sometime in the 1960s. (I don't know exact years, if someone fact checks me I'm probably wrong, but close enough for discussion) radio went from not an option to am was an option, to FM mono, FM stereo, cassettes, CD, mp3. At one point you could get a record player as well (I think only about 200 were sold in total). AC used to be an option, became standard in the 1990s.
  
  We will keep running this game as manufactures decide to make more and more things standard to make assembly easier.
  
  You can get any color you want as long as it’s black.
  
  But also fuck Tesla if I own the computer and the seats so I can do whatever I want with them
  
  It’s quite uncommon to have line splits for specific features. The only thing in a Tesla that might require a split is dual vs single motor. Heated seats would just be a station skip, where the worker or robot ignores cars without the feature. (Source: I used to write assembly line control software for this exact sort of thing)
  
  It doesn’t save Tesla any money, except in marshaling. If they build a mix of lots of options then they have to track them all. With their simplified option list, cars are more interchangeable.
  
  It also makes upselling possible, even after delivery, which is 98% of why they do it.
  
  It’s a very old practice. IBM mainframes back in the 1970s/80s would come in various configurations. ‘Upgrading’ the machine to the improved performance spec was achieved by cutting an internal wire
  
  Then just include it. My Acura had one option, with or without navigation.
  
  Well, for what it’s worth, I don’t think the base cars pay for heated seats. It was more of an early Model 3 thing. I could go into the economics of why, but I doubt that would be a productive conversation
- I've thought for a while that Tesla relies a lot on people who a) have money to throw at a car that's too expensive, b) have money to throw at features that should be free, and c) do a and b because they think Tesla and Musk are cool.
- Not defending this practise but this is nothing new and has been happening for decades on other cars. It’s typically cheaper to manufacture everything on mass, including the higher features, and just not wire it up in lower end cars. Very common for things like heated car seats, I remember one of my old Mitsubishi had everything in the seat but just didn’t have the heated seat control button and fuse.
  
  Locked by software is a whole new level though.
  
  but that wouldnt stop you from buying the switch and putting it in your own. and mitsubishi wasnt removing your service apointments or cancling your subscriptions when you complained.... or modified your car... and i will bet you could order the parts missing direct from mitz as well as having them install them or...gasp a third party garage.
- It’s probably cheaper to build cars that way than to have dozens of different configurations. The small loss they take on the hardware by giving away the hardware but locking it is offset by the increased production efficiency.
  
  Well it's probably even cheaper to not invest in locking systems.
  
  Nah, they only need to split production lines when things are radically different. Excluding parts is usually easy, because the production line simply doesn’t install the missing part. The car still moves through the same line at the same rate regardless, so it saves them parts to not install.
  
  The real reason they include them is so they can have their salespeople upsell you at the store. You weren’t originally planning on getting heated seats, but it’s only a few hundred more to do it and you’re already applying for the loan. A few hundred won’t make a huge difference. Also, we have this other feature that’s also only a few hundred more, and this other feature, and… Before you know it, they’ve upsold you into paying $5k more than you intended, simply by activating things that the car already had installed.
- This has apparently being a thing for a long while. I read that in the past some models of BMW came with heated seats but the switch (and maybe a relay I'm guessing) why for unless the premium was paid. It was an early diy upgrade
- Cucks love it
- cucks
  
  We don’t use that word here.
If all electric cars are just going to be subscription bullshit, I'm sorry, I won't be driving electric.
- Even ICE manufacturers have been including hardware that software disabled for a while
  
  I got an OBDeleven for my 2015 GTI so I could unlock stuff and customize. Enabled rolling down the windows with the key fob, being able to display the engine oil temp in the dash and also setting the accelerator pedal curve to linear.
  
  Subscribe to enable your BMW seat heater! They definitely require periodic software updates and is absolutely NOT a blatant money grab
  
  Audi had been doing this for years and they even disable stuff if you sell your car to another private person. One of my friends bought a used Audi and everything was disabled so he installed a cracked version of the infotainment software and now the only thing that doesn't work is the fingerprint unlock.
  
  There are some manufacturers that do not do this garbage, or at least not often. I've heard good things about Hyundai specifically.
- It won’t just be electric cars, it’ll be all new model cars from manufacturing companies. At least until ICE is phased out.
  
  More like, until the Chinese weasel their way into the US market with cheaper-than-used cars to undercut the legacy auto makers. 10 years or so, it'll happen. And the big 3 will be begging for bailouts again. That is unless they smarten up and remember what made Ford what it is today.
  
  Yeah. GM's subscription nonsense is for their ice cars too. BMW's aborted seat heater thing was too.
  
  Cory Doctorow has written a great article about this phenomenon a few days ago: https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon
  
  Basically we move back to a feudalism world where you don't own anything anymore and you have to pay recurring rents. And as you don't own it they can fuck you over by increasing rents or disable features when you can't pay.
  
  This is why I keep an oldish diesel car with no extra electronic features in my garage. No weird features, and can still run even without a battery.
  
  Although, I think the reason I kept the car is because of my paranoia of an EMP event frying electronics.
  
  Yeah that's true. I wonder if the market for older cars has been going up yet.
- Have you seen the automotive industry as of late? This isn't a EV issue nor is it really new. We've had things like OnStar for years and the entire industry has started to chase the gaming industry's microtransaction BS for a while now.
  
  https://www.theverge.com/2022/7/12/23204950/bmw-subscriptions-microtransactions-heated-seats-feature
  
  https://www.thedrive.com/news/43329/toyota-made-its-key-fob-remote-start-into-a-subscription-service
  
  The future looks like a potential live service hell scape for the auto industry EV or otherwise.
  
  Everything is being ruined. It feels like hyperbole but I'm not sure it is.
  
  Yes, I know it's industry wide. What I'm saying is that with EV being the future of cars I don't want them all to be subscription based.
- I have a Rivian and it works great with no subscription. The only thing you can add via Sub is a hotspot, which seems reasonable to me.
  
  I'm okay with being charged a monthly subscription for something that has an ongoing cost, like mobile data. So long as I can still hotspot my phone and access 'premium connectivity' features over wifi, that is.
- At some point, there will be practically nothing else to drive...
  
  All the more reason to support public transportation.
  
  Sure there will, always. Fix it yourself jalopies aren't going away. Get yourself a cheap-o used junker and mod it to be electric, if you can't or won't use ICE. DIY isn't just 3d printers and FOSS. Or get a bicycle and mod it into an e-bike.
- All these upgrades are one time payments for an upgrade, much like sales point dealer add-ons for conventional cars. However recently they did allow you to buy a monthly subscription to FSD. But the option to buy it outright was always there, and still remains.
Common AMD W
Cool! Now work on exploits for those paywalled features of BMW cars and Ford cars.

If you pay for something it's yours by right. You should be able to use the entire thing, because you physically have it now.
- When I need a new car it's going to br older not newer..
- What's pay walled in a Ford besides bluecruise, which is a service that's constantly updated to add more roads and expand it's usability?
  
  Fuck'em rich
Unpatchable

Good to hear
Good. There should be no such thing as unserviced features that are physically present in a product and locked out against its owner. Not in cars or anything.
- Software?
  
  What about it?
  
  This isn’t sound - “software” is being used here as a physical description but in reality it’s still just a “face” for actual hardware which often do actually have on going costs
- Why not?
  
  Because it's abusive and blatant rent seeking.
  
  Look, if there's an actual service feature that continually costs money to provide (eg.: a cell connection for distant remote start, GPS nav map updates, etc), charging a reasonable subscription fee for that is totally acceptable. But charging ongoing fees for fixed features like heated seats is 100% bullshit unless you're going to include some sort of service benefits like free repairs (which I doubt they're doing).
Good. Fuck Elon.
- No, don't! He has enough kids.
  
  He’s a guy, he can’t have kids (at least today).
Next we will see tesla bricking cars were users have done this

More E-waste!
- Unlikely, but expect to see more language in sales contracts that "if absolutely any of the software is fucked with in absolutely any way that wasnt done by us the vehicles warranty is absolutely null and void. We also reserve the right to refuse to provide any and all parts and services to any vehicle found to have had its software modified outside of factory parameters." And you best believe they will keep a list of vins and wont care if it was the previous owner.
  
  Even if it is in the contract, it's not enforceable (depending on country). In a fair few, the manufacturer has to prove that the modifications caused the defect to invalidate the warranty.
  
  It's unclear what would happen if they simply refused to service the car, or bricked it instead.
A subscription for hardware is such bullshit, I hope this trend dies.
- We can all do our part by not buying anything from those who do this.
This is the best summary I could come up with:

Utilizing multiple connections to the power supply, BIOS SPI chip, and SVI2 bus, the researchers performed a voltage fault injection attack on the MCU-Z's Platform Security Processor.

"They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc."

"Hacking the embedded car computer could allow users to unlock these features without paying," the TU Berlin researchers add.

In an email to Tom's Hardware, one of the researchers clarified that not all Tesla software upgrades are accessible, so it remains to be seen if those premium options will also be ripe for picking.

Another consequence is that the exploit can "extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."

The TU Berlin team (consisting of PhD students Christian Werling, Niclas Kühnapfel, and Hans Niklas Jacob, along with security researcher Oleg Drokin) will present their findings next week (August 9) at the Blackhat conference in Las Vegas, where we hope to hear more about all the feature upgrades that are accessible.

I'm a bot and I'm open source!
- Good Bot
Nice anti-AMD framing so shortly after that latest Zen2 vulnerability.
- Right? Probably for attention grabbing, cause they do say the same flaw exists in zen2 and zen3, and the article is by no means slamming AMD for it. But the title does come off that way
  
  It's probably because there are both Intel and amd Tesla cars. Newer models use AMD
- Idk unpatcheable vulnerability for the core component of the system seems pretty negligent but what do I know
  
  Not like they make boat loads of profit and are definitely just cutting corners on aspects of staffing to save extra money up for when the planet inevitably burns down (due to the very same people)
  
  The vulnerability is much more of an issue for Tesla('s profits) than the owners. It's not a simple exploit and not the worst concern for average users of those chips. You have to have physical access to it in order to exploit it, as well as a system worth hacking (think, national security trying to prevent compromised personnel from physically using the exploit on their systems). I'm not worried about someone breaking into my house to physically hack my computer, just to find some memes and bullshit
  
  It still has to be addressed by both Intel and AMD, because that's their whole industry. But recalls and such aren't needed, because bugs can be exploited all over the place and this one isn't a high level risk for the average end-user. It's more of a concern for Intel/AMD reputation and the large industry users of their chips
Id like to imagine that the coder did this on person as a fuck u.
- The coder’s name was Galen Erso
Literally stealing the food from the plates of those hard-working millionaires/billionaires (if you ask them). How will they ever continue to float to the top of the net worth leaderboard now?
https://www.youtube.com/watch?v=PWQL_XORalY
- Here is an alternative Piped link(s): https://piped.video/watch?v=PWQL_XORalY
  
  Piped is a privacy-respecting open-source alternative frontend to YouTube.
  
  I'm open-source, check me out at GitHub.
  
  Good bot
- That was fun. Thank you.
Oh no! Anyways...
The title seems much more interesting than it is. I doubt most people have the ability to perform this type of exploit. It would be more interesting if a group would charge X to unlock it for you.
- I hope that becomes more common as these types of features become more prevalent across multiple OEMs. I'd pay a tech-savvy mechanic or a car-savvy hacker quite a bit for features that are already installed but locked behind some arbitrary paywall.
  
  I also just hope regulators put a stop to such behavior first, but I kind of doubt that will happen.
They should publish that private key 🤣
I see MusX stopping people's car in the middle of the highway when they found out.
reading this made me so hard
@autotldr@lemmings.world
- I just created the summary! You can find it at https://lemmings.world/comment/919257.
  
  Good bot!
Not a flaw, it's a feature developed just for tesla.

162 comments