Our research departement has been looking at cars by many different manufacturers for the last few months. During this analysis we were able to determine two serious security issues in products by the company Daimler:

• CVE-2018-18070 – Complex routes lets attackers crash and restart the Comand board system
• CVE-2018-18071 – Weak encryption lets attackers remote-control inter-connected cars (technical details)

The vendor was contacted on an early stage. There are no official countermeasures available. We recommend affected users to not use the Mobile Me App and to not allow remote-connections to the Comand system.

Links

• https://vuldb.com/?id.125080
• https://vuldb.com/?id.125081

Tags