SecurityWeek reports that Mercedes-Benz's infotainment system dubbed Mercedes-Benz User Experience was discovered by Kaspersky researchers to have been impacted by more than a dozen security flaws, many of which could be leveraged for denial-of-service intrusions.
Other identified security vulnerabilities impacting the first generation of MBUX could also be exploited in USB or custom UPC connection-based attacks to deactivate the system's anti-theft defenses, conduct vehicle tuning, and open paid services, according to Kaspersky researchers. Mercedes-Benz clarified that all of the discovered security bugs, which it was aware of since 2022, have already been addressed. "The topic described by the researchers requires physical access to the vehicle on site as well as access to the interior of the vehicle. In addition, the head unit has to be removed and opened. Newer versions of the infotainment system are not affected," said a Mercedes-Benz spokesperson.
