To strengthen and ensure trustful protection of our customer data and safety, Product security is a fundamental strategic pillar. Security is being implemented through the vehicle lifecycle to enable safe mobility.
The worldwide Mercedes-Benz community creates and nourishes a mindset which is the foundation for how the company understands, develops and lives safety and security. In order to achieve this goal, it is essential to leverage the skills of the worldwide community. Therefore, our company values the work of researchers who spend time and effort helping Mercedes-Benz provide security that meets the speed and the needs to enable innovation.
Tencent Security Keen Lab researchers have been conduct an in-depth and comprehensive analysis of both hardware and software of MBUX – Mercedes-Benz User Experience. Tencent Security Keen Lab, a reputable security research lab under Tencent, is a globally renowned and respected security research team which supports the advancement of security features of intelligent connected cars.
In their eight-months’ research, Tencent Keen Lab has tested our MBUX Infotainment System. The Keen Lab team found several security issues on MBUX and successfully exploited some attack surfaces on the head unit and T-Box. They have gained first physical access and as a consequence of this subsequently remote access to the main infotainment ECU: the head unit. This enabled them to perform certain infotainment vehicle functions remotely (i.e. change internal lighting colors, display images on infotainment screen…). Furthermore they demonstrated how to compromise an internal chip on the T-Box, which was proved by sending arbitrary CAN messages from a debug (non-production) version T-Box. Simultaneously, both sides joined forces to develop solutions for the findings and already started with the rollout of the fixes. This was only possible due to the excellent research by the Tencent Security Keen Lab team as well as the close collaboration with the Mercedes-Benz experts which started immediately after Keen Lab informed the company in December 2020.