# Driving into the Unknown: Investigating and Addressing Security Breaches in Vehicle Infotainment Systems

**Authors:** Minrui Yan, George Crane, Dean Suillivan, Haoqi Shan

PMC · DOI: 10.3390/s26010077 · Sensors (Basel, Switzerland) · 2025-12-22

## TL;DR

This paper explores security vulnerabilities in vehicle infotainment systems and introduces a framework to uncover and address them, leading to the discovery of 23 vulnerabilities in major automotive systems.

## Contribution

A novel cross-layer security framework that combines firmware extraction, symbolic execution, and fuzzing to identify high-impact web vulnerabilities in IVI systems.

## Key findings

- The framework uncovered 23 vulnerabilities, including seven CVEs, across seven automotive systems.
- A fully realized exploit was demonstrated, enabling remote control of approximately six million Mercedes-Benz vehicles.
- Hardcoded credentials in IVI firmware create a significant cross-layer attack surface.

## Abstract

The rise of connected and automated vehicles has transformed in-vehicle infotainment (IVI) systems into critical gateways linking user interfaces, vehicular networks, and cloud-based fleet services. A concerning architectural reality is that hardcoded credentials like access point names (APNs) in IVI firmware create a cross-layer attack surface where local exposure can escalate into entire vehicle fleets being remotely compromised. To address this risk, we propose a cross-layer security framework that integrates firmware extraction, symbolic execution, and targeted fuzzing to reconstruct authentic IVI-to-backend interactions and uncover high-impact web vulnerabilities such as server-side request forgery (SSRF) and broken access control. Applied across seven diverse automotive systems, including major original equipment manufacturers (OEMs) (Mercedes-Benz, Tesla, SAIC, FAW-VW, Denza), Tier-1 supplier Bosch, and advanced driver assistance systems (ADAS) vendor Minieye, our approach exposes systemic anti-patterns and demonstrates a fully realized exploit that enables remote control of approximately six million Mercedes-Benz vehicles. All 23 discovered vulnerabilities, including seven CVEs, were patched within one month. In closed automotive ecosystems, we argue that the true measure of efficacy lies not in maximizing code coverage but in discovering actionable, fleet-wide attack paths, which is precisely what our approach delivers.

## Full-text entities

- **Chemicals:** Benz (-)

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12788108/full.md

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12788108/full.md

## References

40 references — full list in the complete paper: https://tomesphere.com/paper/PMC12788108/full.md

---
Source: https://tomesphere.com/paper/PMC12788108