Details of a Vulnerability in Mercedes-Benz MBUX System Revealed

Tuesday, January 21, 2025

Kaspersky Reveals Over 10 Vulnerabilities in Mercedes-Benz User Experience (MBUX) System

Kaspersky has disclosed details of more than 10 vulnerabilities in the Mercedes-Benz User Experience (MBUX) infotainment system. Some of these vulnerabilities could be exploited for Denial of Service (DoS) attacks, data extraction, remote command execution, and privilege escalation. However, Mercedes-Benz has confirmed that all identified vulnerabilities have been resolved and that exploiting them would require physical access to the vehicle.

Building on their 2021 research, Kaspersky’s latest study found that attackers with physical access to the vehicle could exploit these vulnerabilities to disable anti-theft systems, modify vehicle settings, and unlock paid services. These attacks were possible through USB connections or other dedicated interfaces. Importantly, newer versions of the MBUX system were found to be free from these vulnerabilities.

Mercedes-Benz acknowledged being aware of the issue since 2022 and emphasized that the vulnerabilities could not be exploited remotely. The company reaffirmed its commitment to product and service security, encouraging researchers to report any issues through its vulnerability disclosure program.

Source: https://www.securityweek.com/details-disclosed-for-mercedes-benz-infotainment-vulnerabilities/