Mercedes-Benz infotainment riddled with vulnerabilities

January 21, 2025

Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack, vulnerable access, compromised password, virus infection, internet network with binary code

(Adobe Stock)

SecurityWeek reports that Mercedes-Benz's infotainment system dubbed Mercedes-Benz User Experience was discovered by Kaspersky researchers to have been impacted by more than a dozen security flaws, many of which could be leveraged for denial-of-service intrusions.

Other identified security vulnerabilities impacting the first generation of MBUX could also be exploited in USB or custom UPC connection-based attacks to deactivate the system's anti-theft defenses, conduct vehicle tuning, and open paid services, according to Kaspersky researchers. Mercedes-Benz clarified that all of the discovered security bugs, which it was aware of since 2022, have already been addressed. "The topic described by the researchers requires physical access to the vehicle on site as well as access to the interior of the vehicle. In addition, the head unit has to be removed and opened. Newer versions of the infotainment system are not affected," said a Mercedes-Benz spokesperson.

SC Staff

A 3D-Illustration of the word Linux on metallic cubes

Vulnerability Management

Linux kernel flaw added to CISA’s exploited vulnerabilities list

Steve ZurierFebruary 6, 2025

Flaw could let attackers escalate privileges on popular Google Android and Pixel devices.

Vulnerability Management

CISA: Actively exploited Linux kernel flaw requires immediate remediation

SC StaffFebruary 6, 2025

Such a vulnerability — which stems from a USB Video Class driver out-of-bounds write issue that could be exploited for privilege escalation — may have been used by forensic data extraction tools, according to the GrapheneOS development team.

Penetration Testing

How to prepare for an effective web application penetration test

Outpost 24February 6, 2025

At a time when data breaches and cyberattacks dominate headlines, web application security is top on the minds of IT leaders. By performing regular web application pen tests, possible vulnerabilities can be uncovered and steps taken to fortify your defenses. In this post, we'll discuss the importance of preparing for a pen test, the items that should be on your pen test checklist, and how to foster close collaboration with your pen testing team.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Related Terms

Bug Buffer Overflow Disassembly

Mercedes-Benz infotainment riddled with vulnerabilities

Related

Linux kernel flaw added to CISA’s exploited vulnerabilities list

CISA: Actively exploited Linux kernel flaw requires immediate remediation

How to prepare for an effective web application penetration test

Related Events

Balancing Act: Prioritizing Vulnerabilities and Misconfigurations in Vulnerability Management

CISO Perspectives to Improve/Optimize Vulnerability Management

Exposure management: How organizations can use it to build cyber resilience

Get daily email updates