Enhancing Security for XENTRY Programming: A Guide for Automotive Professionals

In today’s automotive repair landscape, the security of diagnostic and programming procedures is paramount. For users of XENTRY Diagnosis, especially those involved in ECU programming and coding with XENTRY Flash, Mercedes-Benz has implemented a significant enhancement to safeguard these critical operations. This article outlines the new mandatory second authentication process for XENTRY Flash, which is intended to keep your XENTRY programming activities secure and compliant with the latest security standards.

To initiate commissioning, programming, and coding of Electronic Control Units (ECUs) via XENTRY Flash—collectively referred to as XENTRY programming—each user is now required to undergo a second layer of authentication. This added security measure mirrors the familiar two-factor authentication systems used in online banking and other sensitive applications.

Choose Your Authentication Method for Secure XENTRY Programming

For this second authentication step in XENTRY programming, you have the flexibility to choose between two convenient and robust methods:

  • Smartphone Authenticator App: Utilize a standard authenticator application on your smartphone. Popular options include PingID and Microsoft Authenticator, readily available for download on most mobile platforms.

  • USB Security Key: Opt for a USB security key for a hardware-based authentication approach. You can select any USB security key that adheres to the FIDO2 standard. These keys are widely available from electronics retailers and online marketplaces.

It is highly recommended to set up both authentication methods from the outset. Having a backup authentication factor ensures uninterrupted workflow for your XENTRY programming tasks, even if one method becomes temporarily unavailable or is misplaced. To guide you through the setup process, Mercedes-Benz provides a HelpCard that you can download for step-by-step instructions.

Downloadable Resources

— HelpCard: Multi-Factor Authentication Setup Guide for XENTRY Programming (PDF)

Resolving Second Factor Authentication Issues

Should you encounter difficulties with authentication and lose access to your XENTRY programming functions, several recovery options are available:

  1. Utilize Backup Authentication: If you’ve lost access to your smartphone authenticator but have configured a USB security key as a secondary method, simply use the USB key to authenticate and regain access to XENTRY programming.

  2. Contact Your Organization Administrator: If you lack an alternative second factor, reach out to your organization’s administrator. Administrators possess the authority to reset your second factor, enabling you to set up a new authentication method and restore your access to XENTRY programming. You can identify your Organization Administrator through the Alice platform under your profile data by clicking on “Administrators”.

Detailed instructions for organization administrators on resetting second factors are available in a dedicated PDF document.

Instructions for organization admins: Second Factor Reset Procedure for XENTRY Programming Access (PDF)

Versatile Applications of XENTRY Flash in Your Workshop

XENTRY Flash is a versatile tool that supports a wide range of essential workshop operations beyond just basic diagnostics. It is integral for XENTRY programming tasks, including flashing ECUs, performing SCN/CVN coding, and inputting equipment codes. XENTRY Flash compatibility extends across Mercedes-Benz Cars (including smart* models excluding smart model #1, Maybach, and SLR) and Mercedes-Benz Vans. For Mercedes-Benz Trucks, an efficient online parameterization process streamlines control unit replacements, ensuring rapid data availability within the workshop. Crucially, all these processes are seamlessly integrated within the familiar XENTRY Diagnosis and XENTRY DAS software environments, minimizing manual interventions and enhancing workflow efficiency for your technicians.

Automated SCN Coding and VeDoc Documentation

Following successful ECU programming, XENTRY Diagnosis automates critical post-programming steps. SCN coding, when permitted by the ECU, and VeDoc reverse documentation are executed automatically within the VeDoc Vehicle Documentation System. This ensures that all modifications to the vehicle or ECU software are meticulously recorded and updated on the VeDoc vehicle data card, maintaining accurate and up-to-date vehicle records.

Streamlined Workflow with Single Sign-On

For enhanced user convenience, XENTRY Diagnosis incorporates a Single Sign-On (SSO) feature. Once you are logged into one XENTRY workshop application, such as XENTRY Flash or WIS, you do not need to log in again to the central online systems. This streamlined approach ensures a smoother workflow within your workshop. Users are automatically logged out of online systems only after one hour of inactivity, balancing security with operational efficiency.

Understanding Diagnosis User Rights

New Diagnosis User Rights Introduced in June 2020

With the introduction of the E-Class facelift and the new S-Class models, a new security framework was implemented, significantly impacting the utilization of XENTRY Diagnosis software.

Starting with the June 2020 data release, accessing the new E-Class and S-Class vehicles requires users to enter a personalized username and password. Diagnosing these vehicles is impossible without this authentication, meaning repair and diagnostic procedures necessitate diagnosis access authorization. Every user must complete an identification process to acquire the necessary user rights for the E-Class facelift and subsequent models. It is important to note that diagnosing these model series is no longer feasible with a XENTRY Diagnosis Kit 2; a XENTRY Diagnosis Kit 3 or later is now mandatory.

Two distinct tiers of user rights are now in place:

  • XENTRY Standard Diagnosis: Designed for users who do not require XENTRY Flash authorization. This level permits basic diagnostic functions such as reading and clearing fault memories.

  • XENTRY Flash User: This right corresponds to the previous XENTRY Flash user role, granting access to XENTRY programming and related functionalities.

Obtaining User Rights for XENTRY Programming and Diagnosis:

1. XENTRY Flash Authorization: Both XENTRY Flash roles (Standard-Flash and Extended Flash for all CeBAS vehicles) are obtainable through the UMAS portal. Each user must independently complete a one-time identification process via UMAS to acquire XENTRY Flash roles, essential for XENTRY programming.

2. XENTRY Standard Diagnosis Rights: All diagnosis users must independently request Standard Diagnosis rights via https://umas.mercedes-benz.com/umas and complete the one-off identification process. Market-specific ISP support may need to create the user in GEMS if a user ID is not already established.

The Rationale Behind Certificate-Based Diagnosis

Modern vehicles are increasingly sophisticated, evolving into “mobile computers.” This technological advancement, while offering numerous benefits, also makes vehicles potential targets for cyberattacks and unauthorized access. Growing media attention and forthcoming UNECE regulations mandate enhanced vehicle protection. Mercedes-Benz is proactively implementing robust security measures, including certificate-based diagnosis, to mitigate these risks. This certificate-based system protects against unauthorized diagnosis access by implementing user-related security certificates within the new Mercedes-Benz vehicle software architecture.

Vehicle Models Affected by Certificate-Based Diagnosis

Certificate-based diagnosis was initially introduced in E-Class facelift vehicles (W213 facelift model series) with specific control units. The S-Class W223 marked the full-scale implementation of this security measure. Moving forward, all new Mercedes-Benz model series and facelifts will incorporate certificate-based diagnosis as a standard security feature.

Changes to the Diagnosis Procedure

With the advent of certificate-based diagnosis, a manufacturer-provided certificate is now a prerequisite for performing diagnostics on affected vehicles. At the commencement of a diagnosis session, this certificate undergoes an automated exchange between the diagnostic tester and the vehicle. This background process is managed within the tester application, ensuring a seamless user experience while enhancing security.

Obtaining Certificates for Diagnosis

For Independent Workshops:

  • If you utilize a XENTRY Diagnosis Kit 3 or 4, or XENTRY Pass Thru EU, the necessary certificates are provided directly by Mercedes-Benz AG.
  • If you employ a diagnostic tool from an independent manufacturer, certificate provision depends on whether the tool manufacturer has a data agreement with Mercedes-Benz AG. In such cases, certificates are obtained through the tool manufacturer.

For Diagnosis Tool Manufacturers, Technical Inspection Agencies, and Official Bureaus:

Specific procedures and agreements are in place for these entities to obtain necessary certificates. Contact Mercedes-Benz AG or relevant industry bodies for detailed information.

Associated Costs for Customers

Mercedes-Benz AG provides the required certificates to all customers completely free of charge, ensuring that enhanced security measures do not impose additional financial burdens on workshops or technicians.

Data Requirements for Access

Data requirements vary depending on the level of access needed.

  • Read Access Authorizations: These are organization-bound and must be issued to an organization or service operation.
  • Write Access Authorizations: These are personalized and necessitate prior personal authentication, either through Mercedes-Benz AG or the independent tool manufacturer, ensuring secure access for XENTRY programming and other write-enabled functions.

OBD-II Functionality and Access Restrictions

Standard OBD-II functions (SAE J1979) remain unrestricted and accessible without requiring certificates. However, all advanced diagnostic functions beyond OBD-II necessitate diagnosis certificates. The certificate requirement is access-level dependent, with some functions requiring organization-bound certificates and others requiring personalized certificates.

XENTRY Flash Support Resources

For XENTRY Flash assistance, navigate to the “Need help?” section within the XENTRY Diagnosis software. The FAQs section provides answers to common queries. If you cannot find a suitable solution in the FAQs, you can open a support ticket via the link at the bottom of the page for further assistance.
