When we park or store our cars overnight, we usually give some thought to the valuables inside, taking care to keep them out of sight or out of the car altogether. But what if valuable, extractable information is stored within the car itself, creating an attack surface that an opportunistic, patient or malicious actor could exploit?
Among the talks at this year's Black Hat USA conference, one stood out for the automotive industry: "Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla's x86-Based Seat Heater". It was presented by a team of PhD students from the Technical University of Berlin (Christian Werling, Niclas Kühnapfel and Hans Niklas Jacob) together with the independent security researcher Oleg Drokin.
Their research shows how a known voltage-glitching attack, mounted with low-cost off-the-shelf hardware, bypasses the security of the AMD Secure Processor (AMD-SP) in the newer Tesla infotainment and connectivity unit, the AMD-based MCU-Z (Media Control Unit).
What is it and how does it work? / The Modus Operandi
The attack discussed in the talk uses a known fault-injection (voltage glitching) hardware attack against the AMD-SP, which serves as the root of trust for the system. Breaking the root of trust in turn exposes the hardware-protected (TPM-held) RSA key that the vehicle uses to authenticate itself to Tesla's backend over its VPN (Virtual Private Network).
As Christian Werling explained in an interview with TechCrunch, the team achieved this by "fiddling around" with the chip's supply voltage. With the right timing, the glitch makes the AMD-SP skip certain protection checks during early boot, which in turn enabled the leaking of the Versioned Chip Endorsement Key (VCEK).
It is worth reading what the researchers themselves say in their abstract:
“For this, we are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system. First, we present how we used low-cost, off-the-shelf hardware to mount the glitching attack to subvert the ASP's early boot code. We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distribution.
Our gained root permissions enable arbitrary changes to Linux that survive reboots and updates. They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc. On the other hand, it can also benefit car usage in unsupported regions. Furthermore, the ASP attack opens up the possibility of extracting a TPM-protected attestation key Tesla uses to authenticate the car. This enables migrating a car's identity to another car computer without Tesla's help whatsoever, easing certain repairing efforts.”
Compromising the target requires physical access, but only once: after the initial glitch the attacker has full control of the unit and can install custom firmware that persists, so the attacker's imagination becomes the only limit on what can be done with the embedded system.
The result is a fully compromised system over which the attacker has almost complete control. At the mild end that means enabling paywalled features; at the extreme end, combined with techniques demonstrated in earlier research rather than in this talk, it could have lethal consequences: remotely applying the brakes or triggering sudden acceleration, enabling Full Self-Driving (FSD) where it should not be, or feeding the driver dangerously false readings.
Why does this Matter?
This opens a serious can of worms: data stored in the vehicle's hardware or software can be extracted, and an attacker may well be interested in it for obvious reasons.
Keeping a device physically secured in a controlled environment normally gives a great deal of peace of mind about its security and the likelihood of an attack. This semi-novel approach should make us all more careful about what can be retrieved from, or modified in, an electric vehicle's firmware once someone has hands-on access: the vehicle's identity profile can be migrated to another unit, and sensitive data, stored credentials or even private encryption keys can be leaked.
Manufacturers such as Tesla may charge for services or for software-locked features of the vehicle, which the end user could then 'unlock' for free. This could quickly become a messy road indeed: because the flaw is in the AMD-SP hardware rather than in software, there is currently no sign of a patch for vehicles already on the road, which gives the tech-savvy cat a slight edge over the mouse in this race, provided they can get close enough.
Additionally, a large number of Tesla or other exploitable vehicles driving around on custom firmware could begin to unravel the tight regulations that manufacturers must follow in the automotive industry, which begs the question of when manufacturers and regulatory agencies will address the issue.
How to Protect Yourself
The tried and tested approach of locking down and controlling access to your vehicle goes a long way, as has always been the case with anything of value; this attack needs hands-on access to the MCU.
Tamper-evident seals from the manufacturer could give owners some peace of mind, if there were a directory in which the seal number could be checked for verification.
Pressure on manufacturers to design their hardware and software with mechanisms that prevent this class of attack.
Such mechanisms could include detecting custom firmware and then shutting down or bricking the unit, replacing affected hardware during a service, and detecting voltage drops with on-die voltage-glitch detection circuits (cross-domain glitch detectors of the kind NVIDIA is currently pursuing, which can be built into an SoC).
Hardening the chips themselves, avoiding plaintext protocols such as HTTP in communications, and making the attack harder to execute, for example with random timing jitter and redundant checks so that the precise timing a voltage glitch depends on becomes much harder to hit.
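The timing-jitter and redundant-check countermeasures mentioned above, as an added C example that is not code from the researchers, Tesla or AMD. It assumes a hypothetical boot-stage digest check: `verify_digest` compares a golden digest against a measured one, returns widely separated magic values instead of 0/1, runs the comparison twice with a random delay in between, and verifies that its loop ran to completion. `GOLDEN_DIGEST` and `TAMPERED_DIGEST` are constructed sample data, and the xorshift PRNG is a stand-in for the hardware RNG a real secure processor would use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Widely separated magic values instead of 0/1: a glitch that clears a
 * register or flips one bit of the result cannot turn FAIL into OK. */
#define VERIFY_OK   0x3CA5C33Cu
#define VERIFY_FAIL 0xC35A3CC3u

/* Constructed sample data: a golden digest and a copy with the last byte
 * changed. In real firmware the golden value comes from signed metadata. */
static const uint8_t GOLDEN_DIGEST[32] = {
    0x9f,0x86,0xd0,0x81,0x88,0x4c,0x7d,0x65, 0x9a,0x2f,0xea,0xa0,0xc5,0x5a,0xd0,0x15,
    0xa3,0xbf,0x4f,0x1b,0x2b,0x0b,0x82,0x2c, 0xd1,0x5d,0x6c,0x15,0xb0,0xf0,0x0a,0x08 };
static const uint8_t TAMPERED_DIGEST[32] = {
    0x9f,0x86,0xd0,0x81,0x88,0x4c,0x7d,0x65, 0x9a,0x2f,0xea,0xa0,0xc5,0x5a,0xd0,0x15,
    0xa3,0xbf,0x4f,0x1b,0x2b,0x0b,0x82,0x2c, 0xd1,0x5d,0x6c,0x15,0xb0,0xf0,0x0a,0x09 };

/* xorshift32 stands in for a hardware RNG (hypothetical placeholder); it is
 * seeded from the clock only so that the example runs on a desktop. */
static uint32_t prng_state;
static uint32_t prng_next(void) {
    if (prng_state == 0) prng_state = (uint32_t)time(NULL) | 1u;
    uint32_t x = prng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    prng_state = x;
    return x;
}

/* Random delay of 0..1023 iterations: the comparison no longer runs at a
 * fixed offset after reset, so the attacker cannot pre-compute the glitch
 * moment. volatile keeps the compiler from deleting the loop. */
static void jitter(void) {
    volatile uint32_t sink = 0;
    uint32_t n = prng_next() & 0x3FFu;
    for (uint32_t k = 0; k < n; k++) sink++;
}

/* Constant-time comparison with a loop-counter integrity check: a glitch
 * that forces an early loop exit leaves i != n, reported as a mismatch. */
static uint32_t ct_compare(const uint8_t *a, const uint8_t *b, size_t n) {
    volatile size_t i;
    uint8_t diff = 0;
    for (i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    if (i != n) return 0xFFu;
    return diff;
}

/* Returns VERIFY_OK only if two independent comparisons, separated by
 * jitter, both find the digests equal. Skipping any single instruction
 * leaves at least one FAIL path intact. */
uint32_t verify_digest(const uint8_t *expected, const uint8_t *actual, size_t n) {
    volatile uint32_t first = 0xFFu, second = 0xFFu;

    jitter();
    first = ct_compare(expected, actual, n);
    if (first != 0) return VERIFY_FAIL;

    jitter();
    /* Second check walks the buffer in the opposite direction. */
    second = 0;
    for (size_t i = n; i-- > 0;) second |= (uint32_t)(expected[i] ^ actual[i]);
    if (second != 0) return VERIFY_FAIL;

    /* Both checks must agree before the OK value is ever produced. */
    if (first == 0 && second == 0) return VERIFY_OK;
    return VERIFY_FAIL;
}

int main(void) {
    uint32_t ok  = verify_digest(GOLDEN_DIGEST, GOLDEN_DIGEST, sizeof GOLDEN_DIGEST);
    uint32_t bad = verify_digest(GOLDEN_DIGEST, TAMPERED_DIGEST, sizeof GOLDEN_DIGEST);
    printf("golden vs golden:   %08x (%s)\n", (unsigned)ok,  ok  == VERIFY_OK ? "boot" : "halt");
    printf("golden vs tampered: %08x (%s)\n", (unsigned)bad, bad == VERIFY_OK ? "boot" : "halt");
    return (ok == VERIFY_OK && bad == VERIFY_FAIL) ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind: an optimising compiler may merge the two comparisons or the redundant branches back into one, so code like this has to be reviewed at the assembly level, and the jitter is only useful if the PRNG is seeded from a true hardware random source that the attacker cannot observe or reset.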
This also opens up the possibility of enhanced real-time monitoring of vehicles: a solution that alerts the user or the manufacturer, on the fly or remotely, that a unit may have been compromised. Tesla already has some ability to detect such changes.
Lastly, moving away from easily obtainable identifiers such as the Vehicle Identification Number (VIN), which is displayed through the windshield of many vehicles for all to see, as a means of authenticating devices.
Overall, to ensure the physical security of our vehicles, protect other road users and safeguard what the vehicles hold, we will have to be vigilant and diligent in our collective approach to securing vehicles and the data that resides in them.