Security Research on Mercedes-Benz: From Hardware to Car Control

Conference:  BlackHat USA 2020



The presentation discusses the challenges of securing a fleet of connected cars and the approach of fleet security operations. The speaker also highlights the partnership with 360, a security research team, and their findings on vulnerabilities in Mr. Spence's connected car in China.
  • Fleet security operations involve assessing vulnerabilities, detecting attacks, responding to potential attacks, and protecting the fleet
  • The partnership with 360 resulted in the discovery of vulnerabilities in Mr. Spence's connected car in China
  • The vulnerabilities allowed for remote access and control of the car's doors, lights, windows, and engine
  • The vulnerabilities were responsibly disclosed and fixed by Mr. Spence
  • The partnership between industry and security researchers can lead to better security for customers
The speaker mentions that the fleet of connected cars is one of the largest IoT networks in the world, with potentially millions of cars and electronic control units. They also mention the example of the head unit in a car suddenly sending a breaking signal as a potential sign of an attack. The partnership with 360 highlights the importance of working with security researchers to improve the security of connected cars.


Nowadays, more and more intelligent functionalities have been introduced to modern cars, which also brings more attack surfaces to the cars. As a car security research team, we like to learn more about the luxury cars' design and development, so we initiated the research on Mercedes-Benz in 2018.In this talk, we will discuss how to perform security research on Connected Cars. First of all, we will talk about how to build a testbench with relevant intelligent components at a low cost. Secondly, we design an attack chain from the outside to the inside of the vehicle based on this testbench. Thirdly, we perform the attack chain in a genuine car. This talk will explain how we researched a Mercedes-Benz E-Class car and found the vulnerabilities. By exploiting these vulnerabilities, we can remotely unlock the door and start the engine and they potentially impact all Mercedes-Benz connected cars in China (estimated over 2 million).