Black Hat 2020: Mercedes-Benz E-Series with 19 bugs


Researchers went into detail about the discovery and disclosure of 19 security flaws in Mercedes-Benz vehicles, all of which have been fixed.

The Mercedes-Benz E-Class entered the market with 19 vulnerabilities which, among other things, could allow attackers to remotely open the car doors and start the engine. Researchers say the flaws, detailed at Black Hat USA on Thursday, potentially affected more than 2 million connected Mercedes-Benz cars before they were fixed.

The E-Class is a line of vehicles made by the German manufacturer, with in-vehicle infotainment systems and connectivity features. Researchers from the Sky-Go Automotive Threat Research Team, part of security company 360 Group, first reported the flaws to Mercedes-Benz on August 21 last year, and an initial fix was deployed on August 26.

“We reported the flaws to Mercedes-Benz, discovered about 19 vulnerabilities,” Minrui Yan, head of the Sky-Go team with 360 Group, said during a presentation with Jiahao Li, 360 Group researcher, at Black Hat. “The most important effect is that we can send orders from ‘remote services’ to the car. We have noticed many protection considerations in the Mercedes-Benz.”

Several security flaws were uncovered in the architecture of Mercedes-Benz’s connectivity functions.

The first component of this architecture is the “Head Unit,” or infotainment system. Specifically, the researchers tested the infotainment system of the Mercedes-Benz E300L model, called NTG-55 and designed by Mitsubishi Electronics. The system has multimedia functions and also connects to the “Mercedes Me” mobile app. This app allows users to monitor their cars in detail, including remote ignition, locking and unlocking the vehicle, or even checking the amount of fuel in the tank. The researchers discovered one flaw in the head unit, which has yet to be assigned a CVE.

Meanwhile, a key communication intermediary between the external network and the network built into the car is the telematics control unit (TCU) called HERMES, which is short for Hardware for Enhanced Remote and Mobile Emergency Services. Its features include the ability to make emergency calls and data calls, as well as remote diagnostics, local diagnostics and so on. It also contains a communication module that supports 3G and 4G networks and can be configured with a short-range wireless network (Wi-Fi or Bluetooth) for the infotainment system. The researchers discovered six of the 19 flaws in the HERMES component (CVE-2019-19556, CVE-2019-19560, CVE-2019-19562, CVE-2019-19557, CVE-2019-19561 and CVE-2019-19563).

There were other flaws in the vehicle’s backend (nine flaws; eight of them had no CVE assigned, and the ninth is CVE-2019-19558) and in the vehicle’s operating system (two flaws with no CVE assigned). To protect the intellectual property of car manufacturer Mercedes-Benz Daimler, the researchers disclosed only limited security design and code details.

To send remote service commands, the researchers examined the car’s HERMES TCU, which they said is the most important component of the entire system, as it contains the communication module that connects the in-vehicle infotainment network, the external network and the Mercedes Me app.

To inspect HERMES further, the researchers needed physical access to the system, because the firmware could not be obtained from a vendor site or through a traffic proxy. They physically removed the NAND flash storage containing the firmware using a BGA (ball grid array) rework station and a socket they made themselves.

The researchers then discovered that they could “fake the registration system” by adding an interactive shell with root privileges. “We discovered a program in engineer mode to debug the TCU system, with access to the CAN bus through the operation of the MCU [a chip-level microcontroller],” the researchers said. “So we can do safe things, for example, lock or unlock the doors.”

The researchers also discovered other problems. For example, the TCU’s file system stored the client certificate (“pkcs12”), passwords and the CA certificate for the car’s primary server, and the researchers could find the encrypted password files for the certificate, which had a “passwd” suffix.

“The certificate key is encrypted in a file, so we can obtain the certificate key by compiling decryption with OpenSSL, obtaining the password of the certificate key. After decryption, the visitor certificate passwords… can be achieved,” they said.

The researchers also discovered a server-side request forgery (SSRF) flaw on the back-end attack surface of the car’s infotainment system, in a companion web application feature that allows users to add their social media accounts to the system. “A SSRF vulnerability occurred in the back-end service because the symbol provider was unable to clear the settings we entered,” they explained. “Add-on developers take less account of the requested URL. For example, if we send a local URL to the symbol provider, it will return to the content we ask for.”

Beyond remotely locking the doors and starting the engine, the researchers said in their session that they were not able to reach critical vehicle safety functions. Guy Harpak, Mercedes-Benz’s head of product security for research and development, said Mercedes-Benz took several incident response (IR) steps after learning of the vulnerabilities. These included selective service lockout and rapid fixes, initiating forensic investigations and implementing longer-term solutions.

“We have an example here of a strong network of studies that works with a strong industry that can provide greater security,” Harpak said at the session.

As cars become more connected, more and more of them face security vulnerabilities. Researchers have previously discovered flaws in automotive infotainment systems, as well as in products from specific car manufacturers such as Volkswagen, Jeep and others.

See Threatpost’s Black Hat USA 2020 coverage, including interviews, threat research updates and more.
