Welcome to the fifth edition of Dellfer Insights, a series curated by our VP of Channels, Shawn Lorenz. The series highlights notable industry news, key takeaways, and why it matters to combat the next cyberattack. This month we look at the Tesla attack presented at the Black Hat conference last week, and then we shift our focus to the need for Electric Vehicle (EV) OEMs to get ahead of next-generation cyber security requirements before they ship in volume. (That means “Now.”)
💡Dellfer Insight #1:  Tesla Hackers Discover ‘Unpatchable’ Infotainment Jailbreak Unlocking Paid Features and Revealing x86-Based Secrets for Free.
As presented last week at the Black Hat conference, a security expert, joined by three Ph.D. students from Germany, discovered a method to manipulate Tesla’s latest AMD-based vehicles, potentially creating the first “permanent Tesla Jailbreak.”
The team successfully hacked Tesla’s infotainment system by leveraging known vulnerabilities in AMD’s Zen 1 CPU, which Tesla’s system is built upon. With a known voltage fault injection attack against the AMD Secure Processor (ASP), they manipulated the system’s boot sequence using affordable, off-the-shelf hardware.
Once root access was gained, they were able to make enduring changes to the system and access sensitive personal data, such as contact information, calendar entries, Wi-Fi passwords, and much more. Furthermore, the hack enables the extraction of a TPM-protected key that Tesla uses to authenticate cars, thus enabling the transfer of a car’s identity to another vehicle. Not to be underestimated, this breach can assist in operating the car in areas Tesla doesn’t officially support as well as enable unauthorized repair centers to make independent repairs and unsupported modifications.
Christian Werling, one of the researchers, mentioned that by using simple tools like a soldering iron and $100 of equipment, like the Teensy 4.0 board, executing the hack is within everyone’s reach.
More on Fault Injection (FI):
- Fault Injection using Crowbars on Embedded Systems
- Precise Fault-Injections Using Voltage and Temperature Manipulation for Differential Cryptanalysis
Key Takeaway:
The researchers claim that the vulnerabilities in current Tesla cars are unpatchable. This means that regardless of any future software updates Tesla releases, attackers (or even DIY enthusiasts) will still be able to execute any code on breached Tesla vehicles when they can physically access the car. This perceived unpatchability arises not from a flaw in a Tesla-specific part but from a vulnerability in the AMD Secure Processor (ASP) housed within the car’s MCU.
Expanding on this point, the firmware used in these processors, provided by the Tier 1 component suppliers, needs to be better and more tightly secured. When the Dellfer toolkit is used in the firmware design and remediation process, this “unpatchable” issue becomes “patchable,” both before and after the components ship.
Why It Matters:
Tier 1 suppliers need to have a fiduciary responsibility to provide better, more secure firmware throughout their products’ functional lifecycle. When component manufacturers and OEMs find themselves scrambling to deploy “patches” as a response to yet another attack, they act reactively and shut the door after the proverbial cow has left the barn.
OEMs and component manufacturers who use Dellfer’s ZeroDayGuard are afforded tools and methods that allow firmware providers to ship hardened embedded firmware code to their OEMs that protects against all known and unknown attacks without false positives. Simply put, the “hiccup” caused by this Fault Injection would have resulted in a Flow Attack Incident and would have been identified well in advance of the breach. At Dellfer, events and detection, such as this illustrated Tesla breach, are our sweet spot. We live, breathe, and await these challenges and say, “Bring it on!”
💡Dellfer Insight #2:  EVs are more susceptible to cyber-attacks, and OEMs must get ahead of this problem now.
Electric Vehicles (EVs), at their core, are more technologically advanced, software dependent, and digitally connected than traditional internal combustion engine vehicles. While increased network connectivity provides many benefits, it also presents new risks. The susceptibility of EVs to cyberattacks is a primary concern because of the EV’s heavy reliance on legacy tools and methods developed during the Internal Combustion era.
Here are some expanded threat vectors that challenge EVs relying on first-generation cyber tools:
- Increased Software Dependency: EVs rely almost exclusively on software to manage critical systems, such as battery management, energy consumption, propulsion, regenerative braking, and infotainment. More software means more vulnerabilities.
- Connected Dependencies: Modern EVs depend on network-connected features for remote monitoring, remote start, navigation, and more. Adding further communication protocols like V2V and V2E exacerbates the issues. These features, while convenient, introduce additional threat vectors for potential cyberattacks.
- Over-The-Air (OTA) Updates: Many EV manufacturers offer OTA updates to software and firmware. Because OTA is not developed and implemented securely in many cases, OTA mechanisms are at grave risk of being exploited as the transport to introduce malicious software into vehicles.
- Supply Chain Complexities: EVs involve components from various suppliers, which adds to the complexity of securing the vehicle. Vulnerabilities in one component or part can potentially impact the entire vehicle. Ensuring security across the entire supply chain becomes a challenge, primarily because of components’ increased reliance on open-source software.
- Standardization: The EV industry is rapidly evolving. Standards for connectivity and security are still in development. The lack of standardized security measures contributes to discrepancies and potential vulnerabilities.
- Infrastructure Attacks: Beyond the vehicle’s core systems, the global EV charging infrastructure is currently a target. A compromised charging station becomes another threat vector against the vehicles connected to it, which affects the vehicle’s cyber risk profile.
Key Takeaway:
Timing. The evolution of Electric Vehicles provides OEMs an opportunity window to tackle heightened security risks by modernizing tools and strategies before launching the next wave of EV models at scale.
Priority. Cybersecurity within the EV is fundamentally about vehicle and passenger safety and remains under-discussed. Many argue that safety should precede topics like battery efficiency in public discourse. We at Dellfer agree.
Why It Matters:
It is critical for EV and Component OEMs to upgrade their cyber security protection now. By embedding Dellfer’s ZDG into firmware, EVs are well on their way to derisking cyber threats by protecting against all future unknown attacks. Monitoring automotive firmware at runtime, in real-time, is the only viable security solution after the OEM’s hardened code has shipped.
💡Dellfer Insight #3:  Massachusetts Right to Repair law overturned by NHTSA
This is an update to the topic introduced in a previous Dellfer Newsletter.
“A malicious actor here or abroad could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently,” NHTSA Assistant Chief Counsel for Litigation and Enforcement Kerry Kolodziej wrote. “Vehicle crashes, injuries, or deaths are foreseeable outcomes of such a situation.”
Best Response award goes to Bob Lane, Direct Tire of Watertown: “… I resent the suggestion that my workers would use the data to hurt someone… they are saying a technician working for me today is no longer trustworthy, but yet if they go and work for the auto manufacturer tomorrow, they are trustworthy. That is not right.”
Ouch.