Hacker News · Friday · May 15, 2026

Tesla Wall Connector bootloader bypasses the firmware downgrade ratchet

tesla · firmware · security · iot

Synacktiv researchers published a detailed analysis of the Tesla Wall Connector's firmware update mechanism, revealing a critical flaw in the bootloader that bypasses the firmware downgrade protection. The ratchet mechanism, designed to prevent installation of older firmware versions, can be circumvented by manipulating the bootloader's signature verification process. This allows an attacker to downgrade the firmware to an older, vulnerable version, potentially exploiting known security holes. The attack is performed through the charge port connector, requiring physical access to the device. The researchers demonstrated the exploit on a Tesla Wall Connector, but the vulnerability may affect other Tesla products with similar firmware update mechanisms. Tesla has been notified and is working on a fix. The discovery highlights the importance of secure boot and firmware update mechanisms in IoT devices.

// why it matters

Developers must ensure bootloaders enforce firmware downgrade protections to prevent rollback attacks.
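
A sketch of what bootloader-side enforcement of a downgrade ratchet can look like, as an added example that is not code from Tesla, Synacktiv, or the original article. The `fw_slot` and `ratchet` structures, the function names, and the boolean standing in for real signature verification are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical slot descriptor; field names and layout are assumptions. */
struct fw_slot {
    uint32_t security_version; /* ratchet value, must lie inside the signed region */
    bool     signature_valid;  /* stand-in for the bootloader's own signature check */
};

/* Stand-in for a monotonic counter kept in fuses or write-once flash. */
struct ratchet { uint32_t min_version; };

/* A slot is bootable only if it is authentic AND not older than the ratchet.
 * The signature is checked first so the version field is never trusted
 * before it has been authenticated. */
static bool slot_bootable(const struct fw_slot *s, const struct ratchet *r)
{
    if (!s->signature_valid)
        return false;
    return s->security_version >= r->min_version;
}

/* Pick the newest bootable slot; returns its index, or -1 to stay in recovery. */
int select_slot(const struct fw_slot *slots, size_t n, const struct ratchet *r)
{
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (!slot_bootable(&slots[i], r))
            continue;
        if (best < 0 || slots[i].security_version > slots[best].security_version)
            best = (int)i;
    }
    return best;
}

/* Advance the ratchet after a confirmed boot; it can only move forward. */
void ratchet_commit(struct ratchet *r, const struct fw_slot *booted)
{
    if (booted->security_version > r->min_version)
        r->min_version = booted->security_version;
}
```

Because the check runs in the boot path on every start, an older image written to flash by some route other than the normal updater is still refused.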

Sources

Primary · Hacker News
Read original at synacktiv.com