Researchers from the Tencent Security Keen Lab have published a detailed white paper on multiple security vulnerabilities they found in Mercedes-Benz's latest infotainment system, the Mercedes-Benz User Experience (MBUX). MBUX is built on Nvidia's high-end automotive platform and is currently used across Mercedes-Benz's entire vehicle line-up, including the C-Class, E-Class, S-Class, GLE, GLS and EQC.

The researchers identified several attack surfaces in the head unit of the infotainment ECU, among them the JavaScript engine, the Bluetooth stack, the WiFi chip, the USB functions, and third-party apps. Exploiting the vulnerabilities they found in these components could give an attacker remote code execution, local privilege escalation, heap-overflow exploitation, denial of service, a bypass of the anti-theft mechanism, and ultimately control of the target system.

The researchers state that the flaws could be exploited in real time against vehicles as well as against head units isolated from a vehicle. Regarding their findings, they wrote:

“We demonstrated how to send arbitrary CAN messages from T-Box and bypass the code signing mechanism to flash a custom SH2A MCU firmware by utilizing the vulnerability we found in SH2A firmware on a debug version T-Box.”

The white paper gives a detailed description of how the researchers compromised the head unit and injected commands into the vehicle over the CAN bus. The demonstrated attacks include manipulating various in-cabin light sources (the ambient light, the driver reading light, the passenger reading light and the rear-seat passenger light) as well as opening the sunshade cover. The white paper also documents some attack attempts that did not succeed.

The researchers reported their findings to Mercedes-Benz. After the vendor began patching the vulnerabilities in January 2021, the researchers made their report public.

Written by Joakim Rosell
