A researcher and three doctoral students in Berlin have found an exploit in Tesla that enables them to unlock the paid features of the car for free!

The bug deals with the CPU voltage, where they tinker with the supply voltage of the infotainment systemโ€™s processor to gain extra privileges, including the Full Self-Driving mode. Well, since itโ€™s a hardware issue, researchers say this exploit needs physical access to the car, making it hard for Tesla to fix remotely.

Gaining Tesla Paid Features For Free

Tesla has long been the strongest EV in the market. And itโ€™s primarily because of its internal features and sturdy hardware that make it a reliable EV today. The car company has long sustained several exploitations from hackers, and itโ€™s majorly because of the prompt response from the patching team.

But this time, a new hardware bug discovered by researchers put Tesla in a complex situation, as itโ€™s remotely impossible to fix! This week, three doctoral students from the Technical University of Berlin and an independent researcher have found a bug in Teslaโ€™s infotainment system that led them to access paid features of the car.

Called voltage glitching, the technique involves tinkering with the supply voltage to the infotainment systemโ€™s processor. โ€œIf we do it at the right moment, we can trick the CPU into doing something else,โ€ Christian Werling, one of the three doctoral students, said to TechCrunch. โ€œIt has a hiccup, skips an instruction and accepts our manipulated code. Thatโ€™s basically what we do in a nutshell.โ€

The exploit gives them full access to the restricted features of the car, including the Full Self-Driving mode, personal information like the carโ€™s recent GPS locations, contacts, call logs and calendar appointments. Also, features that Tesla restricted based on regions can be unlocked too.

Preparing to exhibit this exploit at next weekโ€™s Black Hat cybersecurity conference, researchers said thereโ€™s more work needed to be done. Itโ€™s unknown how Tesla will patch this bug, considering that hardware exploit requires physical access to the concerned vehicle.