Authorization

Security bugs let these car hackers remotely control a Mercedes-Benz

Few could ever forget back in 2015 when security researchers Charlie Miller and Chris Valasek remotely killed a Jeeps engine on a highway with a Wired reporter at the wheel.
Since then, the car hacking world has bustled with security researchers looking to find new bugs and ways to exploit them in a new wave of internet-connected cars that have only existed the past decade.
This years Black Hat security conference albeit virtual, thanks to the coronavirus pandemic is no different.
Security researchers at the Sky-Go Team, the car hacking unit at Qihoo 360, found more than a dozen vulnerabilities in a Mercedes-Benz E-Class car that allowed them to remotely open its doors and start the engine.
Most modern cars are equipped with an internet connection, giving passengers access to in-car entertainment, navigation and directions, and more radio stations than you can choose from. But hooking up a car to the internet puts it at greater risk of remote attacks precisely how Miller and Valasek hijacked that Jeep, which ended up in a ditch.
Although vehicle security has gotten better over the past half-decade, Sky-Gos researchers showed that not even one of the most recent Mercedes-Benz models are impervious to attacks.
In a talk this week, Minrui Yan, head of Sky-Gos security research team, said the 19 security vulnerabilities were now fixed, but could have affected as many as two million Mercedes-Benz connected cars in China.
Katharina Becker, a spokesperson for Mercedes parent company Daimler, pointed to a company statement published late last year after it patched the security issues. The spokesperson said Daimler could not corroborate the estimated number of affected vehicles.
We addressed all findings and fixed all vulnerabilities that could be exploited before any vehicle in the market was affected, said the spokesperson.
After more than a year of research, the end result was a series of vulnerabilities that formed an attack chain that could remotely control the vehicle.
To start, the researchers built a testbench to reverse-engineer the cars components to look for vulnerabilities, dumping the cars software and analyzing the cars internals for vulnerabilities.
The researchers then obtained a Series-E car to verify their findings.
At the heart of the research is the E-Series telematics control unit, or TCU, which Yan said is the most crucial component of the car, as it allows the vehicle to communicate with the internet.
By tampering with the TCUs file system, the researchers got access to a root shell a way to run commands with the highest level of access to the vehicles internals. With root shell access, the researchers could remotely open the cars doors.
The TCU file system also stores the cars secrets, like passwords and certificates, which protect the vehicle from being accessed or modified without proper authorization. But the researchers were able to extract the passwords of several certificates for several different regions, including Europe and China. By obtaining the vehicles certificates and their passwords, the researchers could gain deep access to the vehicles internal network. The cars certificate for the China region had a weak password, Yan said, making it easier to hijack a vulnerable car in the country.
Yan said the goal was to get access to the cars back end, the core of the vehicles internal network. As long as the cars back-end services can be accessed externally, the car is at risk of attacks, the researchers said.
The way the researchers did this was by tearing down the vehicles embedded SIM card, which allows the car to talk to the cell networks. A security feature meant the researchers couldnt plug the SIM into a router without freezing access to the cell network. The researchers modified their router to spoof the vehicle, effectively making the cell network think it was the car.
With the vehicles firmware dumped, the networking protocols understood and its certificates obtained and cracked, the researchers say they could remotely control an affected vehicle.
The researchers said the cars security design was tough and able to withstand a number of attacks, but it was not impervious.
Making every back-end component secure all the time is hard, the researchers said. No company can make this perfect.
But at least in the case of Mercedes-Benz, its cars are a lot more secure than they were a year ago.

Send tips securely over Signal and WhatsApp to +1 646-755-8849 or send an encrypted email to: zack.whittaker@protonmail.com
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«     2020    »
 123456
78910111213
14151617181920
21222324252627
282930