Starting in 2018, the research was conducted by Sky-Go, the vehicle cybersecurity unit of Chinese security solutions provider Qihoo 360. The findings were disclosed in August of last year to Daimler, which owns the Mercedes-Benz brand. The car maker patched the security holes and announced in December 2019 that it had joined forces with the Sky-Go team in an effort to improve the safety of its vehicles. Sky-Go and Daimler representatives released the findings at the Black Hat cybersecurity conference this week and published a research paper describing the results. However, some information was not made public, to protect Daimler's intellectual property and to prevent malicious abuse.

The researchers conducted their work on a real Mercedes-Benz E-Class and showed how a hacker could have unlocked the car's doors remotely and started its engine. The experts estimated that 2 million vehicles in China could have been affected by the vulnerabilities. Sky-Go said it targeted the E-Class, described by Mercedes as the smart business sedan, for its infotainment system, which has the most connectivity features.

The researchers disassembled the center panel and examined the head unit, the telematics control unit (TCU), and the vehicle's backend. They found passwords and certificates for the backend server in the file system of the vehicle's TCU, to which they obtained access by getting an interactive shell with root privileges. "The backend to the car is the heart of connected vehicles," explained the researchers. "As long as the assets of the car backend can be accessed externally, this means the car backend is in danger of being attacked. The vehicles connected to this car backend are also in danger."
After studying the vehicle's embedded SIM (eSIM) card, which is typically used to provide connectivity, identify a device, and encrypt communications, they finally gained some access to the backend servers. The issue was that the backend servers did not authenticate requests from the mobile app called "Mercedes me," which allows users to access the vehicle remotely and control different functions. Once they gained access to the backend, the researchers believed they could monitor any car in China. That vulnerability could have been exploited by a hacker to remotely lock and unlock the doors, open and close the roof, activate the horn and lights, and in some cases even start the engine. The researchers said that they failed to hack any critical safety features.

The TCU and the backend were affected by a number of the 19 vulnerabilities identified by the Sky-Go team, with a few of them located in the head unit and other components. CVE identifiers have been assigned to the TCU flaws.
Chinese Researchers Explained How They Hacked a Mercedes-Benz Remotely