
Hacking the infotainment system used in Mercedes-Benz cars


Security researchers identified five vulnerabilities in the infotainment system in Mercedes-Benz cars, four of which are remotely exploitable.

Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.

The experts focused their analysis on the Mercedes-Benz User Experience (MBUX) infotainment system, which was first presented by the carmaker in 2018.

Four of the vulnerabilities could be exploited by attackers to remotely control some functions of the vehicle; fortunately, none could be used to control physical features of the cars.

The Keen Team researchers discovered that the tested systems were running an outdated Linux kernel version that is affected by vulnerabilities that could be exploited to carry out specific attacks.

The researchers explored multiple attack scenarios that could leverage the browser’s JavaScript engine, Wi-Fi chip, Bluetooth stack, USB functions, or third-party apps in their head unit.

The researchers demonstrated that an attacker could set up a web shell with root privileges and use other issues, like heap overflow bugs, to interfere with specific car functions.

The experts were able to bypass the vehicle’s anti-theft protection and even perform vehicle control actions.

By manipulating and injecting TCP packets through the CAN bus, the researchers were able to perform multiple actions, such as opening and closing the ambient light in the vehicle, controlling the reading lights, opening the sunshade cover, and controlling the back-seat passenger lights.

“To verify our thought, we captured all the TCP packets sent to RH850 while performing vehicle control actions. Finally, we got the TCP packets from a TCP connection sent by process k2lacsdaemon. Injecting code into process k2lacsdaemon and replaying these packets can trigger the specified vehicle control actions.” reads the report published by the experts. “The vehicle control actions we successfully triggered and the TCP packets are shown in Table 6.1.”

  • open ambient light
  • close ambient light
  • open driver reading light
  • close driver reading light
  • open passenger reading light
  • close passenger reading light
  • open sunshade cover
  • open back-seat passenger light
  • close back-seat passenger light

Experts also devised attack scenarios against the T-Box that leveraged the embedded Wi-Fi chip, the STA8090 chip, the CAN bus, or the implementation of the LTE protocol. However, security controls that Mercedes-Benz implemented prevented attacks from the baseband and a downgrade from LTE to GSM (to hijack vehicle control commands).

The experts didn’t find a way to compromise the T-Box; they only demonstrated how to send arbitrary CAN messages from the T-Box and bypass the code signing mechanism to flash a custom SH2A MCU firmware by utilizing a vulnerability in the SH2A firmware on a debug version of the T-Box.

In their report, the researchers describe both successful and unsuccessful attack attempts, while also providing extensive technical details of the hardware and software they tested.

Experts reported the vulnerabilities to Daimler in November 2020 and the carmaker released security patches starting from late January 2021.

“This report showed how we performed our security research on Mercedes-Benz’s newest infotainment system, MBUX. In order to complete some attack chains, we analyzed many attack surfaces and successfully exploited some of the attack surfaces on head unit and T-Box.” concludes the report. “For head unit, we demonstrated what the attacker could do in a compromised head unit system for two attack scenarios, the removed head units and the real-world vehicles.”

In August 2020, a team of Chinese experts from Sky-Go, the Qihoo 360 division focused on car hacking, discovered 19 vulnerabilities in a Mercedes-Benz E-Class, including some issues that can be exploited by attackers to remotely hack a vehicle.


Pierluigi Paganini

(SecurityAffairs – hacking, Mercedes)
