For example, 2021 Model 3 SR+ vehicles can enable the Cold Weather Feature (heated steering wheel, heated rear seats) for an extra $300. This feature unlock is confirmed to work with the exploit.
So like cucks people were paying for something that their car already had offline, both hardware- and software-wise.
Good. There should be no such thing as unserviced features that are physically present in a product and locked out against its owner. Not in cars or anything.
Utilizing multiple connections to the power supply, BIOS SPI chip, and SVI2 bus, the researchers performed a voltage fault injection attack on the MCU-Z's Platform Security Processor.
"They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc."
"Hacking the embedded car computer could allow users to unlock these features without paying," the TU Berlin researchers add.
In an email to Tom's Hardware, one of the researchers clarified that not all Tesla software upgrades are accessible, so it remains to be seen if those premium options will also be ripe for picking.
Another consequence is that the exploit can "extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."
The TU Berlin team (consisting of PhD students Christian Werling, Niclas Kühnapfel, and Hans Niklas Jacob, along with security researcher Oleg Drokin) will present their findings next week (August 9) at the Blackhat conference in Las Vegas, where we hope to hear more about all the feature upgrades that are accessible.
Literally stealing the food from the plates of those hard-working millionaires/billionaires (if you ask them). How will they ever continue to float to the top of the net worth leaderboard now?
The title seems much more interesting than it is. I doubt most people have the ability to perform this type of exploit. It would be more interesting if a group would charge X to unlock it for you.