A team of experts from Kaspersky Lab conducted an in-depth analysis of the first-generation Mercedes-Benz User Experience (MBUX) infotainment system, uncovering several critical vulnerabilities. The research built upon earlier findings by KeenLab and focused on diagnostics, USB connectivity, and specialized inter-process communication protocols.
The MBUX system is built around Multi Media Board (MMB) and Base Board (BB) modules, along with other components. The investigation used both a real Mercedes B180 vehicle and a test platform. During the study, researchers successfully bypassed the built-in anti-theft protection and gained access to the system’s subsystems.
Particular attention was given to diagnostic protocols and embedded firmware. The analysis involved examining the file system, which runs in a Linux environment, as well as unpacking firmware update files. It revealed that certain diagnostic components rely on outdated and vulnerable elements, such as Polkit, which is affected by CVE-2021-4034.
A key breakthrough involved emulating the USB subsystem to model interactions with microservices. The discovered vulnerabilities, including CVE-2024-37601 and CVE-2023-34402, could allow attackers to access and manipulate user data or disable the vehicle’s safety features.
Another segment of the research explored the internal protocols used within the system: thriftme, MoCCA, and GCF. These protocols carry communication between the device’s modules, but they also expose attack vectors. For instance, a stack overflow vulnerability in MoCCA (CVE-2024-37600) enables the execution of malicious code.
For USB connectivity, an emulation of data import and export functions revealed multiple vulnerabilities in processing files of the UD2 format. One such flaw, CVE-2024-37601, caused subsystem crashes when handling specially crafted files.
In total, the investigation identified 13 new CVEs. The most critical of these could potentially be exploited to disable the anti-theft system, unlock premium features, or gain control over the vehicle’s network. The researchers expressed their gratitude to Mercedes-Benz Group AG for their prompt collaboration in addressing the identified vulnerabilities.