AMD-based Car Systems at Risk: Unlocking Premium Features Without Pay

Reading Time: ( Word Count: )

August 6, 2023
Nextdoorsec-course

Scientists from Berlin’s Technical University (TU) have discovered a flaw in the AMD-based infotainment systems found in cars, enabling unauthorized individuals to access restricted vehicle functions.

This revelation is particularly significant in the context of vehicles providing exclusive features behind a financial barrier, such as Tesla, renowned for its extensive infotainment system. However, Tesla is not the only company charging for additional features. BMW has also been in the spotlight recently due to its subscription-based model for options like heated seats.

The researchers from TU Berlin pointed out that exploiting the vehicle’s embedded computer system might enable users to access these premium features without incurring any costs. Two specific issues have been identified.

Also Read: SUSE Engineer Exposes Security Loophole in Mozilla VPN for Linux

SUSE Engineer Exposes Security Loophole in Mozilla VPN

The first is an “unfixable AMD-based Tesla Jailbreak” that permits the attacker to run any software on the vehicle’s display. The second concern involves the extraction of a vehicle-specific hardware-bound RSA key, allowing the attacker to authenticate the car and gain access to Tesla’s services.

The experts who uncovered the flaw revealed that a voltage fault injection attack was executed on the AMD Ryzen SoC that Tesla’s MCU-Z utilizes.

At this point, it’s uncertain which paid options can be targeted in an attack. In a communication to Tom’s Hardware, the TU Berlin team mentioned that not every software upgrade is vulnerable. Depending on the vehicle’s model and manufacturing year, the available upgrades might include additional luxuries like heated rear seats or more significant enhancements such as acceleration boosts and full self-driving functionalities.

Since Tesla dissolved its press department in 2020, information from Elon Musk’s personal communications has become the primary source for authentic news related to the company. However, Tesla has yet to officially acknowledge or comment on the discovered vulnerability.

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *