Security Research on Mercedes-Benz: From Hardware to Car Control

Presented at Black Hat USA 2020 Virtual, Aug. 6, 2020, 10 a.m. (40 minutes)

Nowadays, more and more intelligent functionalities have been introduced to modern cars, which also brings more attack surfaces to the cars. As a car security research team, we like to learn more about the luxury cars' design and development, so we initiated the research on Mercedes-Benz in 2018.

In this talk, we will discuss how to perform security research on Connected Cars. First of all, we will talk about how to build a testbench with relevant intelligent components at a low cost. Secondly, we design an attack chain from the outside to the inside of the vehicle based on this testbench. Thirdly, we perform the attack chain in a genuine car. This talk will explain how we researched a Mercedes-Benz E-Class car and found the vulnerabilities. By exploiting these vulnerabilities, we can remotely unlock the door and start the engine, and they potentially impact all Mercedes-Benz connected cars in China (estimated over 2 million).

Presenters:

  • Guy Harpak - Head of Product Security, Mercedes-Benz R&D Tel-Aviv, Daimler
    Guy Harpak is Head of Product Security in Mercedes-Benz R&D Tel-Aviv. In this role, he sets the technical strategy for the R&D site and the technology road-map for advanced CarIT security solutions. Prior to joining Daimler, Guy served for over a decade in an elite Cyber Security unit in the IDF, leading R&D of national grade security products. Following his career in the national security space, Guy has co-founded Sitaro, a startup that focused on securing IoT devices and detecting malicious network phenomena in the SoHo and consumer space. The experience with the IoT industry and large scale R&D projects sparked Guy's interest in security for the automotive industry.
  • Jiahao Li - Researcher, 360 Group
    Jiahao Li is a security researcher on the Sky-Go Team. He has three years of car-hacking experience. He is a full-stack engineer. Skills: Penetration, Hardware, Reverse Engineering. He is now focused on firmware RE.
  • Minrui Yan - Head of Security Research of Sky-Go Team, 360 Group
    Minrui Yan is a senior security researcher from 360 and the head of Sky-Go Team, responsible for security research, tool development, and standardization work for the connected car. He has presented several research results at various international security conferences, such as CodeBlue, CanSecWest, OffensiveCon, SyScan360, and Black Hat Arsenal.
