Multiple vulnerabilities found in Mercedes-Benz vehicle electronic systems

After more than half a year of security testing in the Mercedes-Benz source code, Tencent Security researchers found at least five critical flaws in the computer and entertainment systems of the prestigious automaker. According to the report, the flaws were found in Mercedes-Benz User Experience (MBUX), a system launched at the end of 2018 for Class A vehicles.

Experts tracked these vulnerabilities as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909 and CVE-2021-23910, and ensure that their operation allows threat actors to take remote control of some car functions with this system, although they do not compromise their physical characteristics such as brakes or steering system.

This research also addressed the Mercedes-Benz T-Box, which could be successfully exploited in certain circumstances that are perfectly applicable to real-world scenarios.

Researchers also discovered the use of an outdated Linux kernel that is very vulnerable to certain attacks, in addition to severe system exposure through the JavaScript engine of their own web browser and the potential exploitation of some WiFi chip flaws, Bluetooth stack and MBUX USB functions.

Possible consequences of exploiting these flaws include heap overflow scenarios, memory leaks, and possible remote code execution, as well as the ability to configure a remote shell using an MBUX browser flaw.

During testing, threat actors made the initial commitment using a persistent web shell with root privileges, allowing them to unlock specific features in the car, including anti-theft protection, as well as installing a persistent backdoor on the target system. By sending specially designed CAN messages, researchers were also able to control the light, air conditioning and even control car seats, although as mentioned above, these attacks do not allow you to take control of the vehicle.

On the other hand, attack scenarios targeting the T-Box include abuse of the WiFi chip included in the system, in addition to the STA8090 chip that functions as an IC receiver, the CAN bus and even the LTE connection, based on Huawei technology.

Experts also described some types of attack tested against this system but did not result in malicious scenarios. The report has already been submitted to Daimler, the company that owns Mercedes-Benz, and the affected T-Box and MBUX implementations are expected to have already been updated.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.