Mercedes-Benz NTG 6 Head Unit Denial-of-Service Vulnerability via USB Profile Management

Vulnerability

A denial-of-service vulnerability has been identified in the Mercedes-Benz NTG 6 head unit, specifically within the first generation of the Mercedes-Benz User Experience (MBUX) system. The vulnerability arises from the head unit's ability to import and export user profile data via USB. A flaw in the processing of this data can be exploited to crash the head unit. The issue is linked to the 'UserData' service, which manages profile data transfer: when certain profile files are imported, the 'UserData' service can be made to crash, freezing the system until a hard reset is performed on the vehicle's electronic control unit (ECU).

Impact

Exploitation of this vulnerability leads to a crash of the 'UserData' service, causing the head unit to freeze and become unresponsive. This state can only be restored by performing a hard reset of the vehicle's ECU.

Reproduction

The vulnerability can be reproduced by exporting user profile data from the head unit to a USB drive and then importing it back into the system. The imported data can be crafted to include specific files that trigger the flaw, causing the 'UserData' service to crash and the head unit to become unresponsive.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         6.8
impact:         2.5
exploitability: 4.5
remediation:    0.0
relevance:      0.0
threat:         4.8
urgency:        2.9
incentive:      0.8

Our algorithm analyzes dozens of metrics to produce these 8 key vulnerability categories, which are then combined to calculate the overall risk score.