By Omar Yang (Senior Threat Researcher, Automotive)
The members of a research team from the Technical University of Berlin, previously focused on scrutinizing the security mechanisms of AMD, shifted their attention to investigating Tesla’s in-vehicle infotainment (IVI) system. Their findings were unveiled at this year’s edition of Black Hat USA, a conference known for addressing security concerns across various technological domains. The outcomes of their work on exploiting a Tesla vehicle’s IVI system revealed the ability to execute arbitrary code or commands, manipulate the vehicle’s configuration — including for the purpose of unlocking paid features — and access stored credentials within the IVI system.
Achieving a successful jailbreak of a Tesla vehicle has several prerequisites, as Tesla has progressively enhanced its security mechanisms encompassing measures such as firmware and operating system signing, a chain of trust during the boot process, and establishing a root of trust within an AMD system-on-chip (SoC).
Booting process and chain of trust
The primary objective of the research was to access a root shell within the root file system (root FS). While there are multiple approaches to reaching this goal, they all require modifying the root FS firmware. Once a portion of the firmware in the booting sequence is altered, the booting process is disrupted, as the modified firmware generates a unique hash that no longer matches the expected value stored in the previous stage.
This is part of the features of secure boot, a critical security mechanism widely adopted in most modern systems. By taking advantage of cryptographic algorithms to verify the integrity of the subsequent program slated for execution, secure boot acts as a safeguard against the execution of malicious code. Tesla has been an early proponent of this technology, particularly in its implementation in the MCU0, the first generation of its media control unit (MCU).
Figure 1. The booting process of Tesla’s IVI system. Some firmware is stored in SPI Flash, while others are in NVMe SSD.
Image adapted from “Jailbreaking an Electric Vehicle in 2023”
The research team successfully applied patches to all firmware components, working backward from the booting sequence’s final element. However, the team encountered an obstacle when it came to the root of trust: the ROM boot loader within AMD’s secure platform (SP). This component, integrated at the hardware level within the CPU SoC, defies straightforward patching.
Figure 2. The ROM boot loader in AMD’s SP cannot be simply patched.
Image adapted from “Jailbreaking an Electric Vehicle in 2023”
This is where an alternative technique came into play: CPU voltage glitching. In this method, during the initial boot loading stage, where verification of the subsequent boot loader occurs, the researchers explored the possibility of causing a voltage glitch in the CPU. By inducing this glitch at the critical moment of the comparison process, the CPU would bypass the checking procedure, allowing the subsequent boot loader to be loaded.
Figure 3. A simple example of what a voltage glitch intends to achieve
Image adapted from “Jailbreaking an Electric Vehicle in 2023”
Voltage glitching
Voltage glitching is a fault injection technique that temporarily lowers the voltage supplied to a chip for a specific duration. Other fault injection methods, such as lasers and electromagnetic interference (EMI), also aim to modify the chip’s operational environment. The main challenge lies in the fact that most of these glitches are ineffective, potentially leading to system halts or no discernable impact. The research team must then impeccably time the chip glitch with precise voltage drop and rise rates. Adding to the complexity, modern processors may execute instructions out of sequence because of optimizations, further complicating the attack technique.
Figure 4. Voltage glitching
Image adapted from “Jailbreaking an Electric Vehicle in 2023”
Once the voltage glitch had been successfully orchestrated to bypass off-chip boot loader verification and coupling it with the patched firmware, the research team gained access to the root shell, enabling the team to execute arbitrary code and manipulate configurations such as activating software-locked features (for example, seat heating).
It’s important to note that voltage glitching lacks persistence and must be performed with every reboot. However, in the context of Tesla’s architecture, altering configurations doesn’t necessarily entail firmware changes. Put simply, unlocked features will endure beyond reboots.
Extracting the Tesla vehicle’s and its owner’s secrets
Alongside manipulating the Tesla vehicle’s configuration by compromising the AMD SP, which serves as the root of trust, the research team were also able to obtain chip-specific secrets for encrypting the car’s and its owner’s credentials.
A Tesla car’s credentials are used for authentication, verifying the car with Tesla’s servers, and enabling operations such as firmware updates and configuration adjustments. Meanwhile, the owner’s credentials encompass a variety of sensitive information, including phone book entries, calendar data, historical location records, and active service cookies or sessions, extending to platforms like Gmail.
Impact
While Tesla has diligently implemented robust security measures, including a chain of trust and root trust on the chip, to protect its systems against unauthorized access, this research has uncovered a new attack vector originating in the hardware domain. Thus, the discovered vulnerabilities and exploits cannot be addressed through conventional software patches. It’s important to note that jailbreaking a Tesla vehicle requires specialized hardware and custom firmware. Moreover, a deep understanding of the intricate details of the entire booting process is imperative.
This Tesla jailbreak can potentially create a market for unlocking features through unofficial means, but accomplishing this is an exceptionally complex undertaking.
Mitigation
As emphasized by the members of the research team in their presentation, it’s vital to recognize that voltage glitching remains impervious to software-based patches. While directly mitigating the glitch itself might pose challenges, adopting a zero-trust paradigm holds promise in preventing subsequent asset compromises. Implementing measures such as robust reauthentication requests can significantly strengthen security.
Furthermore, integrating an awareness of hardware-based attacks like voltage glitching into the firmware and software development process can substantially enhance defense mechanisms against this and similar exploits. By proactively addressing the associated vulnerabilities during the developmental stages, the system’s overall resilience can be significantly improved.
To read more research on other possible vulnerabilities in connected vehicles and learn best security practices, visit our resource center.
