Security researchers that are part of the Sky-Go team, the group in charge of vehicle cybersecurity at Chinese security vendor Qihoo 360, have discovered no less than 19 different vulnerabilities in the Mercedes-Benz E-Class.
And as they presented this week at the Black Hat security conference, these flaws can be abused to get remote access to a series of car functions, with a malicious actor eventually being able to start the engine without physically touching the car.
Hijacking a Mercedes-Benz E-Class relies on a very complex attack that Sky-Go has detailed in the whitepaper here. The whole thing comes down to breaking into the car’s head unit and then accessing the telematics control unit, also known as the TCU, and the backend.
Getting access to the backend, they say, is something that would eventually expose any connected car, as this is where critical data is stored.
“Car Backend is the core of Connected Cars. As long as Car Backends’ services can be accessed externally, it means that car backend is at risk of being attacked. The vehicles connecting to this Car Backend are in danger, too. So, our next step is to try to access Car Backend,” the researchers explained.
Breaking into the backend was possible with the eSIM that the car used to connect to the Internet and reach out to external servers, but also to provide remote functionality through the mobile companion app called Mercedes Me. Because the requests sent by the mobile app to the backend weren’t authenticated, the researchers were eventually able to abuse them and thus get access to remote controls like functions to lock and unlock the doors, turn on the lights, and even start the engine.
All cars in China are exposed to similar attacks, the hackers warn.
The good news is that the vulnerabilities had already been reported to Daimler in August 2019, and the company fixed all of them a month later. The researchers claim they also haven’t disclosed some details about the vulnerabilities to avoid any potential attacks.
Hijacking a Mercedes-Benz E-Class relies on a very complex attack that Sky-Go has detailed in the whitepaper here. The whole thing comes down to breaking into the car’s head unit and then accessing the telematics control unit, also known as the TCU, and the backend.
Getting access to the backend, they say, is something that would eventually expose any connected car, as this is where critical data is stored.
“Car Backend is the core of Connected Cars. As long as Car Backends’ services can be accessed externally, it means that car backend is at risk of being attacked. The vehicles connecting to this Car Backend are in danger, too. So, our next step is to try to access Car Backend,” the researchers explained.
Breaking into the backend was possible with the eSIM that the car used to connect to the Internet and reach out to external servers, but also to provide remote functionality through the mobile companion app called Mercedes Me. Because the requests sent by the mobile app to the backend weren’t authenticated, the researchers were eventually able to abuse them and thus get access to remote controls like functions to lock and unlock the doors, turn on the lights, and even start the engine.
All cars in China are exposed to similar attacks, the hackers warn.
The good news is that the vulnerabilities had already been reported to Daimler in August 2019, and the company fixed all of them a month later. The researchers claim they also haven’t disclosed some details about the vulnerabilities to avoid any potential attacks.