Researchers at Technische Universität Berlin have used a technique called ‘voltage glitching’ to hack into a Tesla Model 3.
The hack focused on the hardware supporting Tesla’s infotainment system, allowing them to access premium features that would typically require paid upgrades.
Three students at TU Berlin, along with another independent researcher, said the attack required physical access to the car.
They will present their findings at the Black Hat cybersecurity conference in Las Vegas later this month.
Voltage glitching is when a high-voltage pulse is injected on to a power rail of a device. Correct timing of the pulse can corrupt data or jolt a device to skip its authentication process which secures it against unauthorised access.
Using this technique on the Model 3 technique, the researchers said they were also able to extract the encryption key used to authenticate the car to Tesla’s network, as well as personal information from the car such as contacts, recent calendar appointments and locations the car visited.
Speaking to TechCrunch, Christian Werling said: “If we do it [voltage glitching] at the right moment, we can trick the CPU into doing something else. It has a hiccup, skips an instruction and accepts our manipulated code. That’s basically what we do in a nutshell.”
This is not the first time a group of researchers have been able to access Tesla vehicles due to vulnerabilities.
In March this year, researchers for French security firm Synacktiv said they were able to remotely hack into a Tesla Model 3, turning off its lights and interfere with the infotainment system.
The breach was carried out at a computer hacking competition Pwn2Own in Vancouver, Canada.
Tesla has been working alongside ‘whitehat’ (ethical) hackers – which help identify security issues for companies – and was participating in the Pwn2Own competition.
According to data analytics company GlobalData, Tesla was ranked first in the top five companies by social media posts related to cybersecurity in Q1 2023.