A researcher and three doctoral students in Berlin have found an exploit in Tesla that enables them to unlock the paid features of the car for free!

The bug deals with the CPU voltage, where they tinker with the supply voltage of the infotainment system’s processor to gain extra privileges, including the Full Self-Driving mode. Well, since it’s a hardware issue, researchers say this exploit needs physical access to the car, making it hard for Tesla to fix remotely.

Gaining Tesla Paid Features For Free

Tesla has long been the strongest EV in the market. And it’s primarily because of its internal features and sturdy hardware that make it a reliable EV today. The car company has long sustained several exploitations from hackers, and it’s majorly because of the prompt response from the patching team.

But this time, a new hardware bug discovered by researchers put Tesla in a complex situation, as it’s remotely impossible to fix! This week, three doctoral students from the Technical University of Berlin and an independent researcher have found a bug in Tesla’s infotainment system that led them to access paid features of the car.

Called voltage glitching, the technique involves tinkering with the supply voltage to the infotainment system’s processor. “If we do it at the right moment, we can trick the CPU into doing something else,” Christian Werling, one of the three doctoral students, said to TechCrunch. “It has a hiccup, skips an instruction and accepts our manipulated code. That’s basically what we do in a nutshell.”

The exploit gives them full access to the restricted features of the car, including the Full Self-Driving mode, personal information like the car’s recent GPS locations, contacts, call logs and calendar appointments. Also, features that Tesla restricted based on regions can be unlocked too.

Preparing to exhibit this exploit at next week’s Black Hat cybersecurity conference, researchers said there’s more work needed to be done. It’s unknown how Tesla will patch this bug, considering that hardware exploit requires physical access to the concerned vehicle.