AMD-based Car Systems at Risk: Unlocking Premium Features Without Pay

Reading Time: ( Word Count: )

August 6, 2023
Nextdoorsec-course

Scientists from Berlin’s Technical University (TU) have discovered a flaw in the AMD-based infotainment systems found in cars, enabling unauthorized individuals to access restricted vehicle functions.

This revelation is particularly significant in the context of vehicles providing exclusive features behind a financial barrier, such as Tesla, renowned for its extensive infotainment system. However, Tesla is not the only company charging for additional features. BMW has also been in the spotlight recently due to its subscription-based model for options like heated seats.

The researchers from TU Berlin pointed out that exploiting the vehicle’s embedded computer system might enable users to access these premium features without incurring any costs. Two specific issues have been identified.

Also Read: SUSE Engineer Exposes Security Loophole in Mozilla VPN for Linux

SUSE Engineer Exposes Security Loophole in Mozilla VPN

The first is an “unfixable AMD-based Tesla Jailbreak” that permits the attacker to run any software on the vehicle’s display. The second concern involves the extraction of a vehicle-specific hardware-bound RSA key, allowing the attacker to authenticate the car and gain access to Tesla’s services.

The experts who uncovered the flaw revealed that a voltage fault injection attack was executed on the AMD Ryzen SoC that Tesla’s MCU-Z utilizes.

At this point, it’s uncertain which paid options can be targeted in an attack. In a communication to Tom’s Hardware, the TU Berlin team mentioned that not every software upgrade is vulnerable. Depending on the vehicle’s model and manufacturing year, the available upgrades might include additional luxuries like heated rear seats or more significant enhancements such as acceleration boosts and full self-driving functionalities.

Since Tesla dissolved its press department in 2020, information from Elon Musk’s personal communications has become the primary source for authentic news related to the company. However, Tesla has yet to officially acknowledge or comment on the discovered vulnerability.

Saher

Saher

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Amazon Mistakenly Sends Out Gift Card Confirmations

Amazon Mistakenly Sends Out Gift Card Confirmations

Amazon unintentionally dispatched purchase confirmation emails regarding Hotels.com, Google Play, and Mastercard ...
FBI Flags Escalating Trend of Paired Ransomware Threats

FBI Flags Escalating Trend of Paired Ransomware Threats

The U.S. Federal Bureau of Investigation (FBI) has issued an alert regarding a rising trend of dual ransomware ...
Unraveling the Mystery Behind Discord’s Recent Block Message

Unraveling the Mystery Behind Discord’s Recent Block Message

Users of the renowned communication tool Discord were taken aback today when they were greeted with an alarming ...
Best Phishing Tools for Ethical Hacking in 2023

Best Phishing Tools for Ethical Hacking in 2023

Phishing is one of the most prevalent cyber threats today, seeking to exploit human vulnerabilities rather than ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *