Scientists from Berlin’s Technical University (TU) have discovered a flaw in the AMD-based infotainment systems found in cars, enabling unauthorized individuals to access restricted vehicle functions.

This revelation is particularly significant in the context of vehicles providing exclusive features behind a financial barrier, such as Tesla, renowned for its extensive infotainment system. However, Tesla is not the only company charging for additional features. BMW has also been in the spotlight recently due to its subscription-based model for options like heated seats.

The researchers from TU Berlin pointed out that exploiting the vehicle’s embedded computer system might enable users to access these premium features without incurring any costs. Two specific issues have been identified.

Also Read: SUSE Engineer Exposes Security Loophole in Mozilla VPN for Linux

The first is an “unfixable AMD-based Tesla Jailbreak” that permits the attacker to run any software on the vehicle’s display. The second concern involves the extraction of a vehicle-specific hardware-bound RSA key, allowing the attacker to authenticate the car and gain access to Tesla’s services.

The experts who uncovered the flaw revealed that a voltage fault injection attack was executed on the AMD Ryzen SoC that Tesla’s MCU-Z utilizes.

At this point, it’s uncertain which paid options can be targeted in an attack. In a communication to Tom’s Hardware, the TU Berlin team mentioned that not every software upgrade is vulnerable. Depending on the vehicle’s model and manufacturing year, the available upgrades might include additional luxuries like heated rear seats or more significant enhancements such as acceleration boosts and full self-driving functionalities.

Since Tesla dissolved its press department in 2020, information from Elon Musk’s personal communications has become the primary source for authentic news related to the company. However, Tesla has yet to officially acknowledge or comment on the discovered vulnerability.