Tencent Cohen Labs said it studied the wireless function module (the Parrot module on model S) and found two vulnerabilities in order to gain a deeper understanding of the security of Tesla’s on-board system. One exists in wireless chip firmware and the other in wireless chip drivers. By combining these two vulnerabilities, an attacker could execute arbitrary commands in the Parrot module’s Linux system. That is, through these two vulnerabilities, an attacker can remotely penetrate a Tesla car system via a wireless protocol.
Over the past two years, Tencent’s Cohn Labs has demonstrated how to break into Tesla’s CID, ICs, gateways, and self-driving modules. This process leverages multiple vulnerabilities in the kernel, browser, MCU firmware, UDS protocol, and OTA update process. They also analyzed the specific implementation details of automatic wipers and lane recognition and attempted attacks on the flaws in the real world.
Cohen Labs reported two vulnerabilities to Tesla in March 2019, and Tesla fixed them in version 2019.36.2. Marvell also fixed the vulnerability and issued a security bulletin for the vulnerability.
Clicking on the link to learn the details of the Marvell wireless chip firmware and the vulnerabilities in the driver, security researchers also demonstrated how to exploit these two vulnerabilities to remotely implement command execution within the Parrot system by sending wireless packets only.