Tesla Hackers Are Fighting Digital Extortion

A group of security researchers announced last week that they skipped the $300 fee from Tesla to activate its rear seat-warmers—opting to hack the car instead. By exploiting a known vulnerability on a custom-built microcontroller on the Tesla’s media control unit (shown below) and injecting their own code, hackers at the noted cybersecurity conference Black Hat signaled that automakers’ efforts to cordon off features behind paywalls won’t go unchallenged by technically adept vehicle owners.

The group responsible for the jailbreak made use of a discovery presented at last year’s Black Hat Briefings: a so-called “voltage glitch attack” that allowed the attackers to execute custom payloads on the Tesla’s AMD-based media control unit (MCU).

Fight to Repair is reader-supported. Sign up to receive new posts in your inbox or become a premium supporter to get access to original reporting and full length podcasts.

The seat-warmer hack is part of a bigger backlash against companies, Tesla included, for their use of software as a means of tacking on extra costs to their products in perpetuity. Tesla, for example, has introduced subscriptions for use of seat warmers that are built into late model vehicles. It is also alleged to have disabled the “trailer mode” safety feature on Tesla vehicles that do not use a Tesla-branded trailer.

Source: The Drive

Subscriptions could increase demand for hardware hacks

Attempts to “jailbreak” devices and free them from constrained and expensive vendor ecosystems are growing. At the Pwn2Own conference, security researchers successfully gained root access to a Tesla’s system and claimed full control of the vehicle, showing once again how the power and control that companies hold over devices can be reclaimed.

Tesla caught a flurry of criticism in 2022 for attempting to charge a customer $4,500 by using software to lock the final 80 miles of range in his battery pack. The company claimed it was a fix for a configuration error, while the customer, a third owner of the vehicle who had bought it as a Model S 90, was told he needed to pay to regain the locked capacity.

Paywalls aren’t airtight

With the Internet of Things growing at a rapid pace, access and connectivity have become flashpoints, as companies are caught disabling features or devices with little or no warning or bricking devices entirely, rendering functional hardware useless absent a working connection to management servers and software. Legislation proposed in previous sessions of Congress, like the Fair Repair Act, seeks to outlaw such practices, but legal action from companies and lack of access to these tools remain significant hurdles.

Other News

EPA calls “bulls**t” on Ag Equipment Makers’ Clean Air arguments – In a letter to the National Farmers Union, the Environmental Protection Agency (EPA) tossed cold water on longstanding arguments by agricultural equipment makers that restrictions on owner and independent repair of agricultural equipment are needed to prevent tampering with emissions monitoring systems. “The Clean Air Act makes no distinction between repair by a manufacturer versus another party,” the letter from EPA Administrator Michael Regan, dated August 4th, 2023, reads. “Actions that qualify as repair or replacement are allowed under the Clean Air Act regardless of who makes them. Moreover, nothing in the Clean Air Act or the EPA’s regulations limits a manufacturer’s ability to provide service tools and information to consumers and independent repair facilities for the purpose of repairing their equipment,” Regan wrote.

Activist groups are stopping Google’s autonomous vehicles with only traffic cones. Safe Street Rebel has gained attention with a viral TikTok video that highlights the negative impacts of Google’s Waymo and GM’s Cruise autonomous vehicles in San Francisco, including their disruption of traffic and emergency vehicles, as well as concerns about surveillance and privacy. The video encourages opponents of autonomous vehicles to place traffic cones on the vehicles’ hoods as a form of protest and attention-grabbing. The group aims to raise awareness about the lack of public consent for robotaxis, arguing that the false promises of companies will be similar to those of Uber and Lyft, which ultimately led to increased congestion and emissions.

Right to repair bills get bipartisan support in statehouses – Legislation that gives consumers greater flexibility in repairing products from smartphones to farm equipment is uniting Republicans and Democrats at the state level.

Political gridlock at the federal level has hindered efforts to compel manufacturers to disclose technical details and make parts more available for repairs. By contrast, more than 30 states considered such right-to-repair bills in 2023—states as diverse as Texas and Hawaii.

Zero Motorcycles is offering all its service manuals for free, recognizing the importance of providing DIY enthusiasts access to essential information for maintaining and repairing vehicles, including details about specific procedures for their electric motorcycles like tensioning the Gates carbon belt drive on the Zero SR/F model. This gesture is aimed at promoting better maintenance practices and extending the lifespan of vehicles.

People for Bikes pushes for e-bikes to be exempted from right to repair laws – People for Bikes, an advocacy group, is teaming with e-bike manufacturers to amend Right to Repair laws and exclude complex e-bike batteries from DIY repairs due to safety concerns arising from e-bike-related fires. The groups say e-bike batteries – which have been linked to numerous fires – should be excluded from consumer right to repair laws. Many e-bike-related fires stem from modified or substandard bikes lacking proper safety certifications.

DEF CON presentation shows robot vacuum owners how to liberate their devices to prevent snooping – Amazon’s attempts to buy the robot vacuum maker iRobot led to immediate speculation that the online retail giant was looking to use the vacuums to spy on customers’ homes, as new robot vacuums are equipped with smartphone-like features such as video recording and voice control. Now a researcher at Northeastern University is advocating for users to have more control over their robot vacuums, even enabling hacking to disconnect from the cloud and repair devices independently. Dennis Giese, a PhD student, used a talk at the DEF CON conference to tell users to wipe data and perform factory resets before selling or disposing of robot vacuums to prevent data extraction.

There is significant bias in “circular-plastic” studies, according to a recent report by Reloop and Zero Waste Europe (ZWE), which asserts that several studies favoring single-use takeaway packaging over reusable options are “biased” and lack transparency due to funders’ interests, cherry-picked scenarios, and false assumptions. The report specifically analyzes Life Cycle Assessments (LCAs) from the European Paper Packaging Alliance (EPPA), McDonald’s, and the University of Michigan, finding flaws in methodology and conclusions, while highlighting the need for more robust frameworks and a focus on sustainable systems in the takeaway packaging sector.

Sony’s WF-1000XM3 wireless earbuds were initially praised for their repairability due to easily accessible batteries and simple assembly, making them a strong contender against Apple’s unrepairable AirPods. However, Shahram Mokhtari at iFixit writes that Sony’s subsequent models, the WF-1000XM4 and WF-1000XM5, have regressed in terms of repairability, with the XM5 being particularly disappointing.

Repairability of Apple’s new MacBook Pros is being called into question by YouTuber Hugh Jeffreys. They highlight difficult repairs due to soldered components, glued batteries, inaccessible calibration software, and proprietary hardware. The laptops receive a low repairability score due to limited third-party repair options and challenges associated with fixing internal components, earning a 4 out of 10.

iFixit Adds Google Pixel 7A Repair Parts To Its Inventory – Repair website iFixit has added official parts for Google’s newest slab phone to its store. iFixit has been stocking genuine Google Pixel phone parts for over a year after it made a deal with Google to sell parts. The move is the latest in a string of decisions by phone makers to improve the accessibility of OEM components.
