Collaboration of Mercedes-Benz and Tencent Security Keen Lab to strengthen car IT security

Mercedes-Benz plays a leading role in the digitalization of mobility

Mercedes-Benz plays a leading role in the digitalization of mobility. To strengthen and ensure trustful protection of our customer data and safety, Product security is a fundamental strategic pillar. Security is being implemented through the vehicle lifecycle to enable safe mobility.

The worldwide Mercedes-Benz community creates and nourishes a mindset which is the foundation for how the company understands, develops and lives safety and security. In order to achieve this goal, it is essential to leverage the skills of the worldwide community. Therefore, our company values the work of researchers who spend time and effort helping Mercedes-Benz provide security that meets the speed and the needs to enable innovation.

Tencent Security Keen Lab researchers have been conduct an in-depth and comprehensive analysis of both hardware and software of MBUX – Mercedes-Benz User Experience. Tencent Security Keen Lab, a reputable security research lab under Tencent, is a globally renowned and respected security research team which supports the advancement of security features of intelligent connected cars.

In their eight-months’ research, Tencent Keen Lab has tested our MBUX Infotainment System. The Keen Lab team found several security issues on MBUX and successfully exploited some attack surfaces on the head unit and T-Box. They have gained first physical access and as a consequence of this subsequently remote access to the main infotainment ECU: the head unit. This enabled them to perform certain infotainment vehicle functions remotely (i.e. change internal lighting colors, display images on infotainment screen…). Furthermore they demonstrated how to compromise an internal chip on the T-Box, which was proved by sending arbitrary CAN messages from a debug (non-production) version T-Box. Simultaneously, both sides joined forces to develop solutions for the findings and already started with the rollout of the fixes. This was only possible due to the excellent research by the Tencent Security Keen Lab team as well as the close collaboration with the Mercedes-Benz experts which started immediately after Keen Lab informed the company in December 2020.

“During the last few years, Keen Lab has strengthened its expertise in the fields of intelligent connected vehicles, IoT products, cloud computing, and virtualization, as well as AI. Making car security and user safety is one of our most important goals. And we are happy to contribute to making Mercedes-Benz vehicles even safer and having the opportunity to cooperate with the premium manufacturer’s digital experts”, said Shi Wu, Head of Tencent Security Keen Lab.

“The expertise of the security community all over the world is absolutely valuable to us in order to continuously improve our vehicle security”, said Adi Ofek, CEO of Mercedes-Benz Tel Aviv and holding the mandate for car IT security at Mercedes-Benz. “Therefore, we highly appreciate the expertise of Tencent Security Keen Lab. In addition to their profound know-how I would like to thank the Keen Lab team for the productive collaboration which we would like to continue in future.”

SOURCE: Daimler