Mercedes collaborates with Tencent on car IT security

14 May 2021

Mercedes-Benz and Tencent Security Keen Lab are collaborating to advance car IT security. So far, the Chinese technology conglomerate has been analysing the security of the Mercedes-Benz User Experience (MBUX).

Vehicles are becoming more advanced, intelligent, and connected. According to the United Nations Economic Commission for Europe (UNECE), cars today contain up to 150 electronic control units and roughly 100 million lines of software code. This is projected to rise to 300 million lines of code by the beginning of the next decade.

But with this digital development comes new risks. Cybersecurity is now a core concern for the automotive industry as it comes to grips with challenges once only faced by technology titans. Carmakers must now defend against risks like hackers seeking access to electronic systems and data, threatening safety and privacy in the process.

Technological expertise

Tencent’s Security Keen Lab began conducting an in-depth analysis of both the hardware and software of the MBUX in March last year. Over the course of eight months, researchers found several security issues and exploited some attack surfaces. These ‘surfaces’ are made up of the total number of vulnerabilities a hacker might use to gain unauthorised access.

Within the MBUX, Tencent’s team found weaknesses in the infotainment and telematics systems. They were able to gain physical, then remote access to the main infotainment ECU or head unit. This meant they could remotely perform certain functions, like changing interior lighting colours and displaying images on the infotainment screen.

The team also demonstrated how an internal chip on the T-Box (telematics) could be compromised by sending arbitrary CAN messages from a debug (non-production) version T-Box. This message-based protocol is designed to allow microcontrollers and devices to communicate without the need for a host computer.

IT support

After Tencent discovered these issues and informed Mercedes-Benz at the end of last year, the pair began to work together on solutions, with fixes now being rolled out. ‘The expertise of the security community all over the world is absolutely valuable to us in order to continuously improve our vehicle security’, said Adi Ofek, CEO of Mercedes-Benz Tel Aviv.

‘Therefore, we highly appreciate the expertise of Tencent Security Keen Lab. In addition to their profound know-how, I would like to thank the Keen Lab team for the productive collaboration which we would like to continue in future,’ Ofek added.

‘During the last few years, Keen Lab has strengthened its expertise in the fields of intelligent connected vehicles, IoT products, cloud computing, and virtualisation, as well as AI,’ said Shi Wu, head of Tencent Security Keen Lab. ‘We are happy to contribute to making Mercedes-Benz vehicles even safer, and having the opportunity to cooperate with the premium manufacturer’s digital experts.’