Get all your news in one place.
100’s of premium titles.
One app.
Start reading
PC Gamer
PC Gamer
Katie Wickens

'Unpatchable' vulnerability in Tesla's AMD chips allows free access to the cars' paywalled features

Tesla 2021 Model S interior

Tesla has been locking certain features for vehicle owners behind a paywall. Dumb as it sounds to have to deal with in-car purchases after you've already paid for the car outright, Tesla isn't the only car manufacturer doing this, but its owners are asked to pay extra for things like faster acceleration and heated rear car seats. And there are inevitably those who have been searching for a backdoor—and find one, they have. 

It comes in the form of an unpatchable chip flaw in the architecture of Tesla's AMD chips. For context this is the same AMD RDNA 2-based Ryzen APU that allows for Steam integration actually in the car when parked up (found in Tesla's 2021-2022 Model X, and Model S and 2022 Model 3 and Model Y). It's also the one that had to be patched after overheating issues were spotted.

As Hot Hardware notes, TU Berlin researchers have been able to bypass some of Tesla's software locks thanks to a voltage fault injection attack on the AMD Security Processor (ASP). While the architecture flaw might be an issue when it comes to user privacy, at least it'll let you bypass Musk's cheeky paywall.

As the researchers note, a physical flaw in Tesla's third-generation Media Control Unit (MCU-Z) "gives us two distinct capabilities: First, it enables the first unpatchable AMD-based 'Tesla Jailbreak', allowing us to run arbitrary software on the infotainment. Second, it will enable us to extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."

Your next upgrade
(Image credit: Future)

Best CPU for gaming: The top chips from Intel and AMD
Best gaming motherboard: The right boards
Best graphics card: Your perfect pixel-pusher awaits
Best SSD for gaming: Get into the game ahead of the rest

In gaining root permissions, the researchers have been able to make changes to the Linux system underpinning Tesla's AMD hardware, and "decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc. On the other hand, it can also benefit car usage in unsupported regions".

Of course, it means users are susceptible to hackers accessing their private data. But when your back seats are heated for free, what's there to complain about really?

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.