Security bugs in Mercedes-Benz may let hackers remotely access the car

A team of security researchers from Sky-Go, a vehicle cyber security unit of a Chinese internet security company, found 19 vulnerabilities during extensive security testing of the Mercedes-Benz E-Class car.

August 11, 2020 08:07 pm | Updated 08:14 pm IST

Researchers found security bugs in Mercedes-Benz E-Class car

Researchers found over a dozen security vulnerabilities in Mercedes-Benz’s E-Class car that may let hackers remotely start the car. They estimate the vulnerabilities could have affected over two million Mercedes-Benz connected cars in China.

A team of security researchers from Sky-Go, a vehicle cyber security unit of a Chinese internet security company, found 19 vulnerabilities during extensive security testing of the Mercedes-Benz E-Class car. They were able to invoke remote services to control the car, including its doors, windows, lights and engine, without any physical access.

The researchers could tamper with the file system in the Telematics Control Unit (TCU), which they said is one of the most important parts as it enables the car to connect to the internet. They found an engineer mode programme for debugging the TCU system and accessed the Controller Area Network (CAN), the central networking system that allows connected devices in the car to communicate with each other wirelessly. Researchers could then lock or unlock the doors through the programme.

The TCU also allows vehicle tracking and stores information about the vehicle’s sensor data. It stores passwords and certificates for the car’s backend server, which researchers said is the core of connected cars as it prohibits unauthenticated external access.

The key of the certificate is encrypted in a file, which researchers were able to extract to obtain the password of the certificate key and the certificates of different regions, including Europe and China. The Chinese region certificate had a weak password, researchers said.

They said attackers can hack the car as long as its backend services can be accessed externally. The vehicles connected to the car’s backend will also be in danger in such cases. Researchers could access the backend servers once they obtained the certificates.

Researchers could access the Access Point Name (APN) networks of the backend. An APN is a gateway for mobile networks and has to be configured to make a data connection. They modified a 4G router, configured the APN information on it and gained access to the 4G network.

The 19 vulnerabilities identified by the Sky-Go team have now been fixed by Mercedes-Benz. The researchers picked the E-Class model for their study as its in-car infotainment is said to have the most connected functionality.