The researchers will present their research next week at the Black Hat cybersecurity conference in Las Vegas.

Christian Werling, one of the three students at Technische Universität Berlin who conducted the research along with another independent researcher, said that their attack requires physical access to the car, but that’s exactly the scenario where their jailbreak would be useful.

“We are not the evil outsider, but we’re actually the insider, we own the car,” Werling told TechCrunch in an interview ahead of the conference. “And we don’t want to pay these $300 for the rear heated seats.”

The technique they used to jailbreak the Tesla is called voltage glitching. Werling explained that what they did was “fiddle around” with the supply voltage of the AMD processor that runs the infotainment system.

“If we do it at the right moment, we can trick the CPU into doing something else. It has a hiccup, skips an instruction and accepts our manipulated code. That’s basically what we do in a nutshell,” he said.

With the same technique, the researchers said they were also able to extract the encryption key used to authenticate the car to Tesla’s network. In theory, this would open the door for a series of other attacks, but the researchers said they still have to explore the possibilities in this scenario.

The researchers said they were also able to extract personal information from the car such as contacts, recent calendar appointments, call logs, locations the car visited, Wi-Fi passwords and session tokens from email accounts, among others. This is data that could be attractive to people who don’t own that particular car, but still have physical access to it.

Mitigating the hardware-based attack that the researchers achieved is not simple. In fact, the researchers said, Tesla would have to replace the hardware in question.

Tesla did not respond to a request for comment.

  • whenigrowup356@lemmy.world
    link
    fedilink
    English
    arrow-up
    38
    arrow-down
    1
    ·
    1 year ago

    So they install heated seats and then make you pay to unlock them?

    That seems… not cost-effective

    • Dojan@lemmy.world
      link
      fedilink
      English
      arrow-up
      26
      arrow-down
      2
      ·
      1 year ago

      You don’t think they gift you heated seats do you? You pay for it, that’s part of the purchase price. They even save money because they don’t have to stock or install different types of seats.

      Then you pay for it, and if you want to use it, you’ll pay for it again.

      Welcome to the future. You’ll own nothing and you’ll be happy.

      • NightOwl@lemmy.one
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        Paying for something in this era means they are still the product. Sometimes even more so, since paid options require signing into make use of the product creating nice account based activity to track with personal info and payment details. Future is awesome.

    • Yoruio@lemmy.ca
      link
      fedilink
      English
      arrow-up
      25
      arrow-down
      2
      ·
      1 year ago

      Actually, on that scale, it probably is more cost effective. They don’t need separate factory lines, or to pump out cars with all sorts of different combinations of options. It takes better advantage of the economy of scale.

      • Ilovethebomb@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Why not just have the seats as a base model feature?

        I can understand having one wiring harnesses, and having two types of seats, but otherwise you’d need to charge twice the cost of the feature to break even.

        • bobs_monkey@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Why not just have the seats as a base model feature?

          Because then you can’t charge something ridiculous for it

        • fneu@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Because it’s still more expensive to install the heated seats for everyone then to not install them at all. And most people don’t need them. So if it was a base feature then the car would be more expensive for everyone.

          So now they let the people that bought the upgrade pay for everyone’s heated seats - which is less expensive then it would be if heated seats were only installed in their cars.

          I’m not saying that it’s the right thing to do, but it does make the car cheaper for everyone.

          • Dojan@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Yeah that’s not how it works for any manufacturer. They charge you for the heated seats whether you use them or not.

            Do you seriously think that they just give away parts hoping that enough users need it to pay for it and cover the cost?

        • shinjiikarus@mylem.eu
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Twice of the much lower cost, due to economies of scale … which may/should still be significantly less than building two - and more, for more features - factory lines and risk not selling a car for a longer time, since it doesn’t have the right feature combination.

    • Guy_Fieris_Hair@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Cost of equipment wasted vs cost of setting the plant up to make multiple option packages. Also, if you force someone to make a decision when they initially buy the vehicle, then you permanently never get that upgrade on that vehicle. However, if someone can chose later that they want heated seats then they might make the sale when the owner is sitting in their car on a cold winter morning freezing their butt off. Or, if the second owner wants it. All I’m saying is the cost of providing different manufacturing options vs the possible profits of someone purchasing it later, it is probably more profitable for them to do what they are doing. Otherwise they wouldn’t be doing it.

    • Thorny_Thicket@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      You’d be surprised. To make two different models, one without heated seats may very well cost more than just making one model with all the features built in. Now the cheaper version which normally wouldn’t have these features at all actually does have them but they’re disabled and that’s why you paid less for it.

      Tesla 85D and 100D both have the same battery pack too but on 85D it’s digitally limited to smaller range and that’s why it’s cheaper.

      • Andy@slrpnk.net
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        1
        ·
        1 year ago

        I think that this kind of rentism has become dangerously pervasive, but I want to believe that more and more people are recognizing it as absurd. This kind of news does a lot to further this, imo.

    • Paradox@lemdro.id
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Not just heated seats. Correct me if I’m wrong, but I believe Tesla only makes one of each model of car. So there’s only one Model 3. Everything else that differentiates the trim levels is done entirely in software.

      • Yendor@reddthat.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        You’re wrong.

        The 3 and Y have 3 trims currently, and had more in the past. They’re not software differences, they have different motors, different inverters, different chargers and different batteries.

        The only thing that’s installed and not used is the heated rear seats, on the base model. Some people used to buy wiring mods online to enable them, and other people tweeted at Elon to make them available without a dodgy Chinese cable, so Tesla made it possible to enable them via software.

    • mikeboltonshair@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      This isn’t something new it’s been around in the auto industry for decades, way back in the day you would have to run the wiring if a customer purchased a towing package, they changed that over time by basically having the wire harnesses pre wired and instead you would just add a couple of plug and play components, the newest versions of this is software unlocks, they just got rid of the actual hardware stuff

    • Chriskmee@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      In this particular case I think this was a one off where they needed to make the car cheaper so that it was eligible for some rebate. To do that they took the model 3 they were already making, software locked the rear heated seats, some battery capacity, and maybe some other stuff, then sold the car for just under the limit. Then of course they added the option to pay to unlock these features.

      As far as I know, they are not doing this kind of thing today besides unlocking some performance, but I could be wrong. Even with the performance I think the cost mostly covers the extra stress breaking stuff under warranty.