Chinese experts from Sky-Go, the Qihoo 360 division focused on car hacking, discovered19 vulnerabilities in a Mercedes-Benz-Class
Chinese experts from Sky-Go, the Qihoo 360 division focused on car hacking, discovered19 vulnerabilities in a Mercedes-Benz-Class. Some of the vulnerabilities could be exploited by attackers to hack a vehicle remotely.
When you buy a car, you always search for its latest features as all the modern vehicles are equipped with a host of technologies and intelligence features that rely on internet connection.
Have you ever thought hackers can get control of your vehicle by breaking into any of the technology features?
The research began in 2018 with Mercedes-E-Class as it is a connected car with a robust infotainment system and has got a vibrant set of functionalities. In August 2019, the experts reported their findings to Daimler, which owns the Mercedes-Benz. In December 2019, the carmaker declared a partnership 360 group to enhance car IT security.
Representatives of Sky-Go and Daimler disclosed the findings of their reports during the Black Hat Cybersecurity conference held last week. To prevent malicious exploitation in the wild experts avoided disclosing technical facts publicly.
The flaws could have affected as many as two million Mercedes-Benz connected cars in China, letting them open the door and start the engine remotely.
“We addressed all findings and fixed all vulnerabilities that could be exploited before any vehicle in the market was affected, ’ reported the spokesperson.
The researchers analyzed the car’s software and the car’s internals for vulnerabilities. The researchers then attained a Series-E car to validate their findings.
TCU (Telematics Control Unit) is the `most vital ’ component of the car, as it permits the vehicle to communicate with the internet.
By tampering with the TCU’s file system, the researchers got access to the core-shell and could remotely open the car’s doors.
The TCU file system stores the car’s secrets, like certificates and passwords, which protect the vehicle from being accessed or modified without proper authorization.
“During the research and joint workshop, we see so many security designs in Mercedes-Benz Connected Cars, and these designs are protecting the card from various attacks. The capability of a car company to work jointly with researchers contributes to the overall security of ours, ” reads the research paper.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?