A subscription for hardware is such bullshit, I hope this trend dies.
We can all do our part by not buying anything from those who do this.
Good. There should be no such thing as unserviced features that are physically present in a product and locked out against its owner. Not in cars or anything.
Why not?
Because it’s abusive and blatant rent seeking.
Look, if there’s an actual service feature that continually costs money to provide (eg.: a cell connection for distant remote start, GPS nav map updates, etc), charging a reasonable subscription fee for that is totally acceptable. But charging ongoing fees for fixed features like heated seats is 100% bullshit unless you’re going to include some sort of service benefits like free repairs (which I doubt they’re doing).
This is the best summary I could come up with:
Utilizing multiple connections to the power supply, BIOS SPI chip, and SVI2 bus, the researchers performed a voltage fault injection attack on the MCU-Z’s Platform Security Processor.
“They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc.”
“Hacking the embedded car computer could allow users to unlock these features without paying,” the TU Berlin researchers add.
In an email to Tom’s Hardware, one of the researchers clarified that not all Tesla software upgrades are accessible, so it remains to be seen if those premium options will also be ripe for picking.
Another consequence is that the exploit can “extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla’s internal service network.”
The TU Berlin team (consisting of PhD students Christian Werling, Niclas Kühnapfel, and Hans Niklas Jacob, along with security researcher Oleg Drokin) will present their findings next week (August 9) at the Blackhat conference in Las Vegas, where we hope to hear more about all the feature upgrades that are accessible.
I’m a bot and I’m open source!
Unpatchable
Good to hear
If all electric cars are just going to be subscription bullshit, I’m sorry, I won’t be driving electric.
Even ICE manufacturers have been including hardware that software disabled for a while
There are some manufacturers that do not do this garbage, or at least not often. I’ve heard good things about Hyundai specifically.
For now they have customer goodwill to win back after nearly a decade of building cars that practically fell apart in a year or 2 in the late 00s and early 10s.
They’ll catch up to the others in anti-consumer practices soon, but for now they’re a good choice if you don’t particularly care for performance or ride quality.
Tesla got rid of the heater subscription bullshit in 2021. Now, the only thing locked behind a paywall is internet related stuff (sentry over mobile, streaming media access, etc.), the performance boost, and FSD.
But if the car is completely capable of habe that performance, why should people pay for it.
Oh I’m just correcting the article. Facts are better than fiction for conversations about reality.
It won’t just be electric cars, it’ll be all new model cars from manufacturing companies. At least until ICE is phased out.
Cool! Now work on exploits for those paywalled features of BMW cars and Ford cars.
If you pay for something it’s yours by right. You should be able to use the entire thing, because you physically have it now.
When I need a new car it’s going to br older not newer…
They should publish that private key 🤣
Nice anti-AMD framing so shortly after that latest Zen2 vulnerability.
Idk unpatcheable vulnerability for the core component of the system seems pretty negligent but what do I know
Not like they make boat loads of profit and are definitely just cutting corners on aspects of staffing to save extra money up for when the planet inevitably burns down (due to the very same people)
The vulnerability is much more of an issue for Tesla('s profits) than the owners. It’s not a simple exploit and not the worst concern for average users of those chips. You have to have physical access to it in order to exploit it, as well as a system worth hacking (think, national security trying to prevent compromised personnel from physically using the exploit on their systems). I’m not worried about someone breaking into my house to physically hack my computer, just to find some memes and bullshit
It still has to be addressed by both Intel and AMD, because that’s their whole industry. But recalls and such aren’t needed, because bugs can be exploited all over the place and this one isn’t a high level risk for the average end-user. It’s more of a concern for Intel/AMD reputation and the large industry users of their chips
Right? Probably for attention grabbing, cause they do say the same flaw exists in zen2 and zen3, and the article is by no means slamming AMD for it. But the title does come off that way
It’s probably because there are both Intel and amd Tesla cars. Newer models use AMD
