Cyber Web Spider Blog – News

Tesla’s Telematics Control Unit Vulnerability Let Attackers Gain Code Execution as Root

Posted on September 30, 2025 By CWS

A security vulnerability in Tesla’s Telematics Control Unit (TCU) allowed attackers with physical access to bypass security measures and gain full root-level code execution.

The flaw stemmed from an incomplete lockdown of the Android Debug Bridge (ADB) on an external Micro USB port, enabling a physically present attacker to compromise the vehicle’s TCU. Tesla has since patched the vulnerability through an over-the-air (OTA) software update.

According to NCC Group, the vulnerability was present in Tesla firmware version v12 (2025.2.6). While Tesla implemented logic to block direct shell access via adb shell on production devices, researchers discovered this lockdown was insufficient.

It failed to prevent two critical ADB features: the ability to read and write files as the root user, using adb pull and adb push, and the ability to forward network traffic with adb forward.

Because the ADB process (adbd) on the TCU runs with root privileges, these oversights created a powerful attack vector.

Tesla’s Telematics Control Unit Vulnerability

An attacker could exploit this flaw by physically connecting a device to the TCU’s exposed Micro USB port. The attack involved several steps:

Upload a Payload: The attacker would use the adb push command to upload a malicious executable script to a writable directory on the TCU, such as /tmp.

Trigger Execution: The attacker would then abuse the kernel’s uevent_helper subsystem. By writing the path of their malicious script to the uevent_helper file, they could trick the kernel into executing it with root privileges when a system event was triggered.

Gain Access: A simple action like reading a file with adb pull was enough to trigger a uevent, causing the malicious script to run. In the proof-of-concept, the script started a Telnet server, which the attacker could then connect to using a port forwarded via adb forward, granting them a root shell on the device.
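A defender-side check for the uevent_helper abuse described in the steps above, added here as an example (it is not from NCC Group’s advisory or Tesla’s code). It reads the standard Linux helper knobs /sys/kernel/uevent_helper and /proc/sys/kernel/hotplug under a given root and flags a helper path that sits inside a writable directory; the directory list, function names and sample trees are assumptions.

```shell
#!/bin/sh
# Added example: classify the kernel's uevent helper setting.
# ROOT lets the check run against a mounted firmware image or a test tree;
# the default "/" audits the live system.

# Directories treated as attacker-writable (assumed list; adjust per device).
WRITABLE_DIRS="/tmp /var/tmp /dev/shm /data/local/tmp"

# Print the configured helper path (empty if unset or the knob is absent).
read_helper() {
    root=${1%/}
    for knob in sys/kernel/uevent_helper proc/sys/kernel/hotplug; do
        f="$root/$knob"
        if [ -r "$f" ]; then
            val=$(tr -d '\n' < "$f")
            if [ -n "$val" ]; then printf '%s' "$val"; return 0; fi
        fi
    done
    return 0
}

# Return 0 = no helper set, 1 = helper in a writable dir, 2 = helper set elsewhere.
audit_uevent_helper() {
    helper=$(read_helper "${1:-/}")
    if [ -z "$helper" ]; then
        echo "OK: no uevent helper configured"
        return 0
    fi
    for d in $WRITABLE_DIRS; do
        case "$helper" in
            "$d"/*)
                echo "ALERT: uevent helper '$helper' is under writable dir $d"
                return 1 ;;
        esac
    done
    echo "REVIEW: uevent helper set to '$helper'"
    return 2
}

# Demo on constructed trees (not real device data).
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/clean/sys/kernel" "$t/bad/sys/kernel"
    : > "$t/clean/sys/kernel/uevent_helper"
    echo "/tmp/x.sh" > "$t/bad/sys/kernel/uevent_helper"
    audit_uevent_helper "$t/clean"
    audit_uevent_helper "$t/bad" || true
    rm -rf "$t"
}
demo
```

Call audit_uevent_helper with no argument to check the running system, or pass the mount point of an extracted firmware image.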

The impact of this vulnerability is severe, as gaining root access on the TCU gives an attacker full control over that component. While the attack requires physical access, a compromised TCU could potentially serve as a pivot point for further attacks on the vehicle’s internal network.

The vulnerability was responsibly disclosed to Tesla on March 3, 2025. Tesla acknowledged the report the following day and began rolling out a patch in firmware version 2025.14 on April 24, 2025.

The fix resolves the issue by completely disabling the ADB interface on the Micro USB port for production vehicles, ensuring it can no longer be used as an attack vector.

The public advisory was released by NCC Group on September 29, 2025, after the patch was widely deployed. This incident highlights the ongoing efforts by security researchers to probe automotive systems and the effectiveness of Tesla’s OTA update mechanism in rapidly deploying security fixes to its fleet.
