In November of 2019, I attended Ret2 Systems’ Advanced Browser Exploitation in Troy, New York, learning in great detail about the internals of Google Chrome’s V8 and Apple Safari’s JavaScriptCore. At the end of the five day course, we ended by implementing a full Chrome exploit that popped xcalculator
as long as the sandbox was disabled.
A few weeks later, a shiny new car arrived. One of the first things I noticed? A Chromium-based browser that was severely out of date.
This seemed like an excellent application of the skills from the training, so I started to monitor Tesla’s updates and watch for V8 patches that could be used as the basis for an exploit. The project fell to the back burner for awhile, until an Exodus Intelligence blog post caught my eye at the end of February 2020.
By this time, Tesla had released several software updates, bringing Chromium to 79.0.3945.88 in their 2020.4.1 release. Since the Tesla software predated Google’s patch by a few weeks, it seemed pretty likely that the in-car browser would be vulnerable! Since Exodus provided a full exploit, the first 90% was done, and all the remained was the second 90% of porting over to the Tesla.
Read More