Unpatchable AMD Chip Flaw Unlocks Paid Tesla Feature Upgrades
I saw a documentary about Renault doing this in Israel I think. With a network of stations looking like auto wash: it takes your car, opens a door under the car, swaps the battery with a full one and off you go.
Apparently it went bankrupt after a year (2012-2013): https://en.wikipedia.org/wiki/Better_Place_(company)
Tesla had this exact functionality with their original Model S' ... but like that company it wasn't profitable (or it was just regular ol Tesla mismanagement) so they also stopped doing it.
How about a tow-behind battery for extra capacity?
It makes sense, but I already don't trust anyone to tow anything safely.
Not all EVs use the same pack type and there are advantages and disadvantages to the different types that will continue to change as we progress the technology. It wouldn't make a lot of sense to have universal batteries as it would also limit the designs of the car if it were legislated.
Universal batteries would be bad, but standardized batteries would be great. If a battery has certain dimensions and gives a certain output, and can regulate itself as to charge and discharge, it doesn't matter what chemistry it uses or internal cells it has. We have had D, C, B, A, AA, AAA, etc., for years and manufacturers got along just fine within those specs. Removable batteries are already a thing with Gogoro scooters in Taiwan and I think at least one car brand in China.
I know a guy who started a company to do exactly this (in Europe only for now).
So the battery swap idea is out there, and being acted upon.
Common AMD W
Cool! Now work on exploits for those paywalled features of BMW cars and Ford cars.
If you pay for something it's yours by right. You should be able to use the entire thing, because you physically have it now.
When I need a new car it's going to be older, not newer.
What's paywalled in a Ford besides BlueCruise, which is a service that's constantly updated to add more roads and expand its usability?
Fuck'em rich
Unpatchable
Good to hear
Good. There should be no such thing as unserviced features that are physically present in a product and locked out against its owner. Not in cars or anything.
Software?
What about it?
This isn’t sound - “software” is being used here as a physical description but in reality it’s still just a “face” for actual hardware which often does actually have ongoing costs
Why not?
Because it's abusive and blatant rent seeking.
Look, if there's an actual service feature that continually costs money to provide (eg.: a cell connection for distant remote start, GPS nav map updates, etc), charging a reasonable subscription fee for that is totally acceptable. But charging ongoing fees for fixed features like heated seats is 100% bullshit unless you're going to include some sort of service benefits like free repairs (which I doubt they're doing).
Next we will see Tesla bricking cars where users have done this
More E-waste!
Unlikely, but expect to see more language in sales contracts that "if absolutely any of the software is fucked with in absolutely any way that wasn't done by us the vehicle's warranty is absolutely null and void. We also reserve the right to refuse to provide any and all parts and services to any vehicle found to have had its software modified outside of factory parameters." And you best believe they will keep a list of VINs and won't care if it was the previous owner.
A subscription for hardware is such bullshit, I hope this trend dies.
We can all do our part by not buying anything from those who do this.
This is the best summary I could come up with:
Utilizing multiple connections to the power supply, BIOS SPI chip, and SVI2 bus, the researchers performed a voltage fault injection attack on the MCU-Z's Platform Security Processor.
"They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc."
"Hacking the embedded car computer could allow users to unlock these features without paying," the TU Berlin researchers add.
In an email to Tom's Hardware, one of the researchers clarified that not all Tesla software upgrades are accessible, so it remains to be seen if those premium options will also be ripe for picking.
Another consequence is that the exploit can "extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."
The TU Berlin team (consisting of PhD students Christian Werling, Niclas Kühnapfel, and Hans Niklas Jacob, along with security researcher Oleg Drokin) will present their findings next week (August 9) at the Blackhat conference in Las Vegas, where we hope to hear more about all the feature upgrades that are accessible.
I'm a bot and I'm open source!
Good Bot
Nice anti-AMD framing so shortly after that latest Zen2 vulnerability.
Right? Probably for attention grabbing, cause they do say the same flaw exists in zen2 and zen3, and the article is by no means slamming AMD for it. But the title does come off that way
It's probably because there are both Intel and AMD Tesla cars. Newer models use AMD.
Idk, unpatchable vulnerability for the core component of the system seems pretty negligent but what do I know
Not like they make boat loads of profit and are definitely just cutting corners on aspects of staffing to save extra money up for when the planet inevitably burns down (due to the very same people)
The vulnerability is much more of an issue for Tesla('s profits) than the owners. It's not a simple exploit and not the worst concern for average users of those chips. You have to have physical access to it in order to exploit it, as well as a system worth hacking (think, national security trying to prevent compromised personnel from physically using the exploit on their systems). I'm not worried about someone breaking into my house to physically hack my computer, just to find some memes and bullshit
It still has to be addressed by both Intel and AMD, because that's their whole industry. But recalls and such aren't needed, because bugs can be exploited all over the place and this one isn't a high level risk for the average end-user. It's more of a concern for Intel/AMD reputation and the large industry users of their chips
I'd like to imagine that the coder did this on purpose as a fuck u.
The coder’s name was Galen Erso
Literally stealing the food from the plates of those hard-working millionaires/billionaires (if you ask them). How will they ever continue to float to the top of the net worth leaderboard now?
Here is an alternative Piped link(s): https://piped.video/watch?v=PWQL_XORalY
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source, check me out at GitHub.
That was fun. Thank you.
The title seems much more interesting than it is. I doubt most people have the ability to perform this type of exploit. It would be more interesting if a group would charge X to unlock it for you.
I hope that becomes more common as these types of features become more prevalent across multiple OEMs. I'd pay a tech-savvy mechanic or a car-savvy hacker quite a bit for features that are already installed but locked behind some arbitrary paywall.
I also just hope regulators put a stop to such behavior first, but I kind of doubt that will happen.
Oh no! Anyways...
They should publish that private key 🤣
I see MusX stopping people's car in the middle of the highway when they found out.
reading this made me so hard
I just created the summary! You can find it at https://lemmings.world/comment/919257.
Good bot!
Not a flaw, it's a feature developed just for tesla.
For example, 2021 Model 3 SR+ vehicles can enable the Cold Weather Feature (heated steering wheel, heated rear seats) for an extra $300. This feature unlock is confirmed to work with the exploit.
So like cucks people were paying for something that their car already had offline, both hardware- and software-wise.
If all electric cars are just going to be subscription bullshit, I'm sorry, I won't be driving electric.
Even ICE manufacturers have been including hardware that's software-disabled for a while.
I got an OBDeleven for my 2015 GTI so I could unlock stuff and customize. Enabled rolling down the windows with the key fob, being able to display the engine oil temp in the dash and also setting the accelerator pedal curve to linear.
Subscribe to enable your BMW seat heater! They definitely require periodic software updates and it is absolutely NOT a blatant money grab.
There are some manufacturers that do not do this garbage, or at least not often. I've heard good things about Hyundai specifically.
It won’t just be electric cars, it’ll be all new model cars from manufacturing companies. At least until ICE is phased out.
More like, until the Chinese weasel their way into the US market with cheaper-than-used cars to undercut the legacy auto makers. 10 years or so, it'll happen. And the big 3 will be begging for bailouts again. That is unless they smarten up and remember what made Ford what it is today.
Yeah. GM's subscription nonsense is for their ice cars too. BMW's aborted seat heater thing was too.
Cory Doctorow has written a great article about this phenomenon a few days ago: https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon
Basically we move back to a feudalism world where you don't own anything anymore and you have to pay recurring rents. And as you don't own it they can fuck you over by increasing rents or disable features when you can't pay.
This is why I keep an oldish diesel car with no extra electronic features in my garage. No weird features, and can still run even without a battery.
Although, I think the reason I kept the car is because of my paranoia of an EMP event frying electronics.
Yeah that's true. I wonder if the market for older cars has been going up yet.
Have you seen the automotive industry as of late? This isn't an EV issue nor is it really new. We've had things like OnStar for years and the entire industry has started to chase the gaming industry's microtransaction BS for a while now.
https://www.theverge.com/2022/7/12/23204950/bmw-subscriptions-microtransactions-heated-seats-feature
https://www.thedrive.com/news/43329/toyota-made-its-key-fob-remote-start-into-a-subscription-service
The future looks like a potential live service hellscape for the auto industry, EV or otherwise.
Everything is being ruined. It feels like hyperbole but I'm not sure it is.
Yes, I know it's industry wide. What I'm saying is that with EV being the future of cars I don't want them all to be subscription based.
I have a Rivian and it works great with no subscription. The only thing you can add via Sub is a hotspot, which seems reasonable to me.
I'm okay with being charged a monthly subscription for something that has an ongoing cost, like mobile data. So long as I can still hotspot my phone and access 'premium connectivity' features over wifi, that is.
At some point, there will be practically nothing else to drive...
All the more reason to support public transportation.
Sure there will, always. Fix it yourself jalopies aren't going away. Get yourself a cheap-o used junker and mod it to be electric, if you can't or won't use ICE. DIY isn't just 3d printers and FOSS. Or get a bicycle and mod it into an e-bike.
All these upgrades are one time payments for an upgrade, much like sales point dealer add-ons for conventional cars. However recently they did allow you to buy a monthly subscription to FSD. But the option to buy it outright was always there, and still remains.