Tesla hackers turn to voltage glitching to unlock paywalled features There is a way to unlock those paywalled features in your car, as a group of German PhD students demonstrated at Black Hat, but it probably won't keep the automakers up at night. In a talk this week, a trio of Technische Universität Berlin boffins demonstrated how they were able to bypass the $300 purchase requirement to …
Soft locks are a high tech equivalent of things that have been going on for decades.
You want cruise control in that Vauxhall? Find one in the scrapyard with it and swap the indicator stalk.
Can't remember the make, but two rear fog lamps will cost serious extra cash - or you can always just fit the missing bulb yourself.
I'll bet some people here remember overclocking PCs in the 90s when it was a case of switching jumpers on the motherboard until you got to the highest speed the CPU would run at regardless of what it said on the chip's casing.
I'm pretty sure it was AMD who had electrical links on the chip casing selectively broken to set the speed. Rubbing the broken links with a graphite pencil was sometimes enough to turn a 100MHz CPU into 133, which in those days was a lot.
"There's a well known range of oscilloscopes that can be updated to a higher spec by hacking the firmware."
Ages ago when I worked on IFR communication service monitors, I found that I could activate a whole bunch of features by adding a resistor and capacitor to one of the circuit boards. You wouldn't get the internal DMM as the hardware would be there for that, but it would show up on the menu. I recall that one of the added features was DTMF decode.
"Soft locks are a high tech equivalent of things that have been going on for decades."
Oh, I know. I once had a cheap (but modern at the time) video recorder. Opening it up, a massive mostly bare circuit board. The masses of crap inside my old Betamax had, in this device, been shrunk to two or three chips.
There was a rather conspicuous row of holes next to another row of holes. One was linked with a piece of wire. I unsoldered it and fitted a bank of DIP switches.
And fiddled.
And discovered Long Play mode, HiFi audio, a much better pause (used a memory buffer so the picture didn't wobble), and something else (I forget what). All features that would have cost plenty of extra cash... just for a different arrangement of link's inside.
I know it happens. A lot. Doesn't make it any less shit. If they can afford to pack all the features into the cheap model and turn them off, then having them turned on is just fleecing the customer.
The only difference between a Garmin GPS-95 (aviation use, could display speeds (100kt) and the GPS-45 (everything else, blanked the display over 100kt) was a single wire link on the circuit board. Oh yes, and the 95 cost five times as much as the 45.
a single wire link on the circuit board
ISTR that back in the 70s both IBM and ICL had processor "upgrades" that basically involved cutting a wire to take a divide by 2 circuit out of the CPU clock line. The "upgrade" required a field engineer visit and a 6 figure sum.
"The only difference between a Garmin GPS-95 (aviation use, could display speeds (100kt) and the GPS-45 (everything else, blanked the display over 100kt) was a single wire link on the circuit board."
There can be government regulations for certain GPS functions. High speeds and high altitude are locked out. When I was working on rocket landers, we had to get a letter from NASA to be allowed to unlock RT2/RTK, 2cm accuracy with a differential setup. I think that also cost around $20,0000, but we won a NASA prize worth considerably more by having it.
I'm against DRM and Secure Boot in general. Do you own the thing you bought or not?
If Dell or Lenovo sold a computer that you were forbidden from changing the software on (i.e. running Linux..) then there would be uproar. Yet somehow Apple, Google and now Tesla are getting away with selling people something which is really not theirs, more like a perpetual rental.
"...selling people something which is really not theirs, more like a perpetual rental..."
But this is how some companys are now using tech to keep the cash rolling in.
In the computer business, this sort of carry on has been going for years, with the likes of MacAfee, Sage and others (including MicroShaft, who want to sell Windows from the Cloud) charging significant sums every month/year so you always have the latest version, EVEN IF the current software you are running works perfectly well.
And the same is happening with cars with ULEZ schemes (in some UK towns/cities) where older cars and their owners are being targeted to pay more money into someone else's coffers, simply because the commuter needs to go somewhere in THEIR area.
The same happened when the Dartford Bridge Crossing opened...where a fee was charged each time you went over it, just so the cost of building it could be recouped...and once it was paid for, the UK Govt changed the law and kept the charge going, even increasing it and then privatising the company who collected the cash.
Ultimately, if something becomes popular (rather than niche), then some accountant somewhere will cotton on to the fact that the popularity will produce a high income stream.
And of course, Netflix, Spotify and others are now doing the same - raising prices due to them becoming popular.
Having rear seat heaters will no doubt become the next "must have" for all future cars - even if it rapidly drains the electric batteries, such that you then need to go to a charging point and wait 4 hours for the car to be topped up so it can get to it's intended destination ! But at least your passengers bums will be warm :-)
I also hate rental, but ULEZ is not about perpetual rental. It is also not about saving the planet from warming due to CO2 emissions, whatever tories and the popular press may say. It is instead about deterring the use of dirty diesels in built up areas because the emissions damage and kill the young.
OP is confusing ULEZ with "15-minute cities". This is the idea most services should be a short walk away, so most people should be able to use their local amenities instead of driving across town to go to work or to use a GP or shop (which may be better than their local if they don't live in such an affluent area ...).
This is being trialled in Oxford, where the town is divided in to zones, and each resident gets a limited number of permits to drive directly between zones, after which they must either use the already-congested ring-road (driving further, releasing more CO2 and pollutants..) or pay a fine, which goes into the coffers of the area that they entered.. Oxford is notoriously unequal. In the north west of town, house prices are in the range of 1 to 3 million. On the opposite side in "The Leys", they have some of the roughest council estates. 15-minute cities amplifies that inequality and will make people feel trapped in their own neighbourhood, and unwelcome in others. It disproportionally affects the poor, who cannot afford to pay the charge nor the extra petrol to get round the ring road. It's a really awful system that only a Tory could have dreamt up.
Back in 2008 or whenever it was, I was moaning about the congestion charge system - Not because of the charge, but because of the "ANPR-and-more" cameras that have to be installed on every Nth lamppost around London.
Both ULEZ and 15-minute cities require the same infrastructure: A unified AI-powered surveillance system, like what they have in China and the West Bank.
Sadiq Khan has said that he might scrap some of the ULEZ but keep the cameras. That's because ULEZ is only the excuse, not the goal.
> It is instead about deterring the use of dirty diesels in built up areas because the emissions damage and kill the young.
It's somewhat ironic, actually, that the newer ULEZ-compliant "clean" diesels emit more nanoparticulate "pm2.5" pollution than the old "dirty" diesels did. Old diesel engines produced a lot of visible black soot - but this is easily filtered out by the nose. They did not produce so much of the PM2.5 pollution, which has been steadily increasing since modern emissions standards for engines, and which is far more damaging "to the young" as you put it, because it cannot be effectively filtered, and ends up in our bloodstreams.
...and of course the old story of IBM and their (probably dot matrix) printers
They made two that were identical but one would print documents faster. The only difference between the two (apart from badges and labels) was based on where the rubber band connecting the motor to the print head was positioned during manufacture.
Pay IBM some dosh and your slow printer was magically printing faster - and all down to an IBM engineer moving the belt over, from the small pulley to the larger pulley next to it.
More likely to be chain or line printers than dot matrix, the big beasts that you actually got IBM techs in to service them.
Was also told, back in Uni, that IBM played the "move the rubber band" trick for their big mechanical calculators (not the desktop ones!) and before then the tabulators.
Allegedly, the service techs getting rid of the customer's tech by asking for a cuppa after theatrically taking of panels (and probably lots of sucking of teeth: "you been doing a lot of division then, guv?").
A good reason why BMW and Tesla are on a don't buy list.
I am not renting electric seats.
If the element is there I am having it.
Cruise, current car fit switches, just worked, switches not cheap.
Previous, fit switches then flip a flag in the ECU, but its previous model was a lot more work due to being cable not DBW.
I guess Tesla is right. If the owner has to go through the shenanigans of hacking his own computer every time he wants to start the car, it's quickly going to get old.
The article isn't quite clear on whether other things can be unlocked as well.
Still, spending some time every time you need to leave just to ensure that you have whatever features you didn't pay for but still want is going to quickly run up against the hassle of the wires, the laptop and the time it takes to dally around instead of actually getting where you need to go.
And good on Tesla for hardening their computing platform. "They couldn't get in" is about as good a reward as you can expect in this domain.
Now, if only they could get the autopilot working . . .
Well, it's not a problem for Tesla, but the user is paying $3000 just to be allowed access to a switch. From an environmental point of view, this is totally bonkers. Raw materials and energy go into hardware features that will never be used if the owner of the vehicle doesn't pay for them. What a complete waste....
Additional battery capacity is a software switch too, isn't it? So if you don't pay for that switch, then you have a bunch of battery cells sitting there unused -- adding weight to the vehicle and wasting the (somewhat scarce) resources that were used to manufacture the unused batteries.
"Additional battery capacity is a software switch too, isn't it?"
Hmm, doesn't La Grosse Pomme (*) have all the patents on messing with battery capacity?
* - Hard day at work and I'm all Frenched out and running on autopilot, so I'm just guessing "pomme" is feminine.
> then you have a bunch of battery cells sitting there unused
No, it would still use all of the cells. It would just change the max/min states of charge that it will charge/discharge the battery to.
TBH, if you don't unlock the extra capacity, the battery will probably last a bit longer before it ends up on the scrapheap.
(Just long enough not to be covered by Tesla's warranty when it does, no doubt...)
"(though they appear to last getting on for 10 years anyway)."
I wonder what a new battery will cost for a 10 year old Tesla? Will they even still supply the right type and size of battery packs? There's lots of 20 year old ICE cars still on the road, and much older too, of course, so 10 years life followed by a huge battery replacement cost that will probably be more than a 10 year old car is worth is going to totally hammer the "green" credentials of EVs. The transition to EVs is going to be slow and painful for the customers and many are going to feel ripped off.
"I wonder what a new battery will cost for a 10 year old Tesla?"
Replacement Prius batteries aren't that expensive from third parties. I've seen Li replacement pack kits to swap out for the OEM NiMh originals that add a bunch of capacity. It's going to be the third party companies making replacements and refurbishing used packs that are going to get the prices down. The early Model S packs are like hens teeth to find. Many conversion companies like those since they're very modular and the Panasonic cells are very robust. I see too many comments where people believe that old packs will go to landfill which isn't the case. They still have loads of value even if they've lost 1/3 of their original capacity. I know the local scrap yards have standing orders for EV battery packs as wrecked vehicles come in.
"Additional battery capacity is a software switch too, isn't it?"
In that case the added battery capacity is used to keep buffering the reported capacity as the battery ages and settles. If they advertise a 60kWh battery, they'll install something like a 67kWh pack and use the 7kWh as a buffer since the battery will settle a few kWh's initially and later on will start losing a bit every cycle. People would freak out if their 60kWh pack that was giving them 67kWh when they first bought the car settled to 64kWh even though it's still over what was advertised. It's also going to extend out the time when the pack would have to be replaced under warranty until that warranty has expired.
I get your point about being a complete waste. However, we are not privy to the math behind the decision. In some cases, like heated seats, it may be cheaper to produce all seats and associated wiring to support the feature. Versus maintaining separate supply lines, inventory, shipping, etc for heated & unheated seats. A lot of those expenses continue to grow over the supported lifetime of the vehicle (ie: keeping warranty spares on-hand).
It would be interesting to see how the math pencils out.
The math has been defined for many, many years.
As far back as the end of the 80's, BMW fitted a single spec of wiring loom to the E30 line of 3-series. This featured a number of things, including wiring for the optional extra foglights and a connector for the foglight button that allowed either no (some markets), a single switch (Euro rear-fog only) or upgraded dual (front/rear fog light) switch. The blank/single/double switch all fit in the same housing under the headlight switch. Dealers could pop out blanks in the front bumper, throw a pair of fogs in and then a switch and upgrade.
Toyota has done similar since the early 90s with wiring for rear speakers, albeit not providing them. Again, allowing for a single loom and easy dealer-level upgrades.
Another user has mentioned the cruise-control piece with a need for a simple stalk to be added.
The simplification and ability for the dealer to tack-in some polish with little effort has consistently been a great way to cut costs in terms of maintaining loom-variants and similarly add instant value to a consumer to get a deal over a line.
"I need warm beer."
It's far more efficient to heat the seats than to try and heat the whole cabin which is a really big deal with an EV. It can get below freezing in winter where I live and I'd love having a heated seat that warms up right away.
I would think that rather than hacking the software control it would make more sense to come up with something that plugs into the wiring harness and adds a switch that can be mounted somewhere.
Erm, did it occurs to anybody that heated seats are just resistors and can be controlled by a button ( controlling a an adjustable resistor, or just an on/off button )... Instead of a computer.
Until recently ( and according to the rented car I had two week ago, ) it was controlled by buttons, so it shouldn't be too hard to just bypass the whole computer thing, hardwire a button ( I know it's not easy on some touchscreen mad modern cars, especially Teslas ) and you're done.
Next they are going to tell you ABS is optional ( since it was at some point in the past... 30ish years ago, it's not far fetched ) and you will have to pay a rent for a proven safety feature...
"Erm, did it occurs to anybody that heated seats are just resistors and can be controlled by a button"
You really want a controller that is a bit more than a simple button. At the very least you want something that cuts off power if the seat gets too hot. I'd like something with at least two settings so I can really crank it up in winter when I'm wearing more layers and less when I just need to take the edge off the chill.
Reading this article I am thinking this is completely bonkers. The stuff the researchers unlocked I would never want in a vehicle and likewise for most that is included in the standard model.
Personally an electric vehicle that inserts the minimum electrical enginering between the batteries (and/or generator) and the electric motors on the wheels is infinitely preferable. ie go faster / go slower pedals (accelerator / (regenerative) braking) and leave the mechanical/hydraulic bits alone. The large computer screens in the driver compartment are an unwanted distraction - I would rather attend, using low-tech mirrors, to the homocidal lunatics in front, behind and one or other side (or both) of me who are presumably learning to drive from their Tesla's computer screens. Which is really the nub of the matter - these high tech vehicles are making already crap drivers crappier.
There has to be a market for a basic vehicle that really only substitutes a battery and electric motors for the internal combustion engine retaining the tried and true reliable technology - I should think and hope even Teslas have haudraulic disc brakes but I guess typically if the battery died then there would be no power assist (I would hope, vainly I suspect, the regenerative current from the wheel motors could then be redirected to power the brakes' haudraulic pumps.)
"Here you go:
https://youtu.be/mFfAuL5X9qg"
Quick, show it to Elon! That will be Tesla's first estate sorted. It will just be made from stainless and carbon fibre, have all of the expensive 'features' and sell for an announced price of $36,000 but really it will be $44k and out in 6-8 real years.
"There has to be a market for a basic vehicle that really only substitutes a battery and electric motors for the internal combustion engine retaining the tried and true reliable technology"
You've described a fleet vehicle. In the US, the various government agencies have endless numbers of cars that don't need to be all that special, drive far or carry 8 adults. I was just driving past a couple of schools in the area that have solar canopies over the car parks. I didn't spot any EV charging leads. I know the school district has a whole bunch of cars and vans that could all be electric and could recharge at the schools and district facilities. I can't recall any of them not having solar canopies.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
