Tesla Wall Connector bootloader bypasses the firmware downgrade ratchet
4 hours ago
- #Anti-Downgrade Bypass
- #Tesla
- #Firmware Security
- Tesla patched an anti-downgrade mechanism in Wall Connector Gen 3 firmware 24.44.3, but researchers bypassed it by exploiting the update sequence.
- The bypass involves writing a valid firmware to trigger partition table updates, erasing it, then loading an old vulnerable firmware and rebooting without validation.
- This works because the bootloader ignores the security ratchet, relying only on the partition table and firmware signatures.
- The exploit was demonstrated on an updated charger, reinstating version 0.8.58 to re-enable previous attack chains.
- Tesla has since fixed the vulnerability via an OTA update, reducing the network security risk from compromised chargers.