XENTRY Diagnostics Security Enhanced with Two-Factor Authentication

To further enhance the security of vehicle diagnostics, a mandatory second authentication factor is now required for all users when commissioning, programming, and coding ECUs (XENTRY Flash). This added layer of protection is similar to the TAN authentication process used in online banking, ensuring a robust defense against unauthorized access.

For authentication, you will need one of the following two factors:

  • Smartphone authenticator app (e.g., PingID, Microsoft Authenticator)

OR

  • USB security key. You can use any key of your choice as long as it supports the FIDO2 standard. These keys are readily available from specialized electronics retailers or directly from manufacturers.

It is highly recommended to set up both options immediately. Having both methods configured ensures that if you lose access to one authentication factor, you can continue your work seamlessly using the other.

To guide you through the setup process, a concise Help Card is available for download:

Help Card (PDF)

Resetting the Second Factor

If you are unable to authenticate yourself due to issues with your second factor, you have several recovery options:

  1. If you have lost or forgotten your smartphone but have set up a USB security key as an alternative second factor, you can use the security key for authentication.

  2. If you have not configured an alternative second factor, please contact your organization’s system administrator. The system administrator has the ability to reset your second factor, allowing you to create a new one. If you are unsure who your system administrator is, you can find this information via Alice under your profile data. Simply click on the “Administrators” button.

Instructions for organizational administrators on resetting the second factor are available for download: (PDF)

Versatile Applications for Your Workshop with XENTRY Flash

Whether it’s flashing, SCN/CVN coding, or inputting equipment codes, XENTRY Flash provides comprehensive support for Mercedes-Benz passenger cars (including smart*, Maybach, and SLR models) and Mercedes-Benz Vans. All processes are conveniently integrated within the diagnostic software suite (XENTRY Diagnosis, XENTRY DAS), minimizing manual intervention for workshop technicians and streamlining the workflow.

*excluding smart model 1

Automated SCN Coding and VeDoc Back Documentation

Following control unit programming, SCN coding (if enabled by the control unit) and back documentation are automatically executed in the VeDoc vehicle documentation system. Any modifications to the vehicle or control unit software are promptly updated in the VeDoc vehicle data card, ensuring accurate and up-to-date records.

Single Sign-On for Enhanced Convenience in XENTRY Diagnosis

Once you are logged into one of our workshop applications, such as XENTRY Flash or WIS, there is no need for further logins to access other central online systems. This single sign-on functionality ensures seamless workflows within your workshop, saving valuable time and effort.

Diagnostic User Rights: New Security Measures from 06/2020

With the facelift of the E-Class and the introduction of the new S-Class, a new security concept has been implemented, significantly impacting the XENTRY diagnostic software and user access rights.

Starting from data release 06/2020, accessing the new E-Class and S-Class models requires the entry of a personalized username and password. Diagnosing these vehicles is not possible without providing this information, meaning diagnostic access permission is now mandatory for repair and diagnostic procedures. All users must complete an identification process to obtain the necessary user rights for the E-Class facelift and subsequent models. It’s important to note that diagnosing these model series is no longer feasible using the XENTRY Diagnosis Kit 2. XENTRY Diagnosis Kit 3 or higher is now the minimum requirement.

Two types of user rights are differentiated:

  • XENTRY Standard Diagnostics: Designed for diagnostic users without XENTRY Flash authorization, primarily for tasks such as reading and clearing fault memories.
  • XENTRY Flash User: Corresponds to the current XENTRY Flash user profile, granting broader access for flashing and programming functions.

Please utilize one of the following options to acquire the necessary user rights:

1. XENTRY Flash Authorization: Both XENTRY Flash roles (Standard Flash role and Extended Flash role for all CeBAS vehicles) can be applied for via UMAS. Each user must independently complete a one-time identification process on UMAS to obtain the Flash roles.

2. XENTRY Standard Diagnostic Rights: All diagnostic users are required to independently request Standard diagnostic rights via https://umas.mercedes-benz.com/umas and complete the one-time identification process. Market-specific internet provider support may also need to create the user in GEMS if a user ID is not already in place.

Certificate-Based Diagnostics: Why the Introduction?

Vehicles are increasingly evolving into “mobile computers,” which, unfortunately, makes them more susceptible to hacker attacks and misuse. Reports of such incidents in the media have significantly increased. To address these growing concerns, UN-ECE regulations will mandate vehicle protection in the future. Mercedes-Benz is proactively implementing corresponding security measures.

To safeguard against unauthorized access to diagnostics, the new Mercedes-Benz vehicle software architecture now incorporates user-linked security certificates, adding a critical layer of protection.

Which Vehicles Are Affected by Certificate-Based XENTRY Diagnostics?

Certificate-based diagnostics were initially introduced with specific control units in the E-Class facelift vehicles (W213 model series facelift). The S-Class W223 saw the full implementation of this enhanced security measure. Moving forward, all new model series and facelifts will be equipped with certificate-based diagnostics as a standard security feature.

What Changes in Diagnostics with Certificate-Based Security?

In the future, performing diagnostics will necessitate a manufacturer-provided certificate. At the start of a diagnostic session, this certificate is exchanged between the diagnostic tester and the vehicle. This process is managed within the tester application and operates seamlessly in the background, ensuring a smooth user experience while maintaining robust security.

Obtaining Certificates and Registration for XENTRY Diagnostics

For Independent Workshops:

  • If you possess a XENTRY Diagnosis Kit 3 or 4 package, or utilize XENTRY Pass Thru EU, the necessary certificates are provided directly by Mercedes-Benz AG.
  • If you are using a diagnostic tool from an independent manufacturer, the certificates are provided by the tool manufacturer, provided they have a data usage agreement with Mercedes-Benz AG.

For Diagnostic Tool Manufacturers:

For Technical Inspection Agencies or Official Authorities:

For specific information regarding certificate acquisition and registration processes for diagnostic tool manufacturers and technical inspection agencies, please refer to the dedicated documentation on the XENTRY portal or contact Mercedes-Benz support directly.

Costs Associated with Certificate-Based Diagnostics

Mercedes-Benz AG provides the required certificates free of charge to all customers, ensuring that enhanced security does not impose additional financial burdens on workshops or service providers.

Required Data for XENTRY Diagnostics Access (Personal Reference/Identification, etc.)

The data requirements depend on the access level needed:

  • Read access permissions are organization-bound and must be issued to an organization/service operation, allowing for basic diagnostic functions.
  • Write access permissions are personalized and require prior personal authentication, either with Mercedes-Benz AG or the independent tool manufacturer, ensuring secure access to more sensitive functions like programming and coding.

OBD-II Access and Functionality Without Certification

OBD-II functions (SAE J1979) remain accessible without restrictions. All extended diagnostic functions beyond OBD-II require diagnostic certificates. These certificates are either linked to an organization or a specific person, depending on the level of access authorization required.

XENTRY Flash Support and Further Assistance

For any further assistance or specific inquiries regarding XENTRY Flash or certificate-based diagnostics, you can select the appropriate category under the “Need help?” menu. If you cannot find a suitable answer in the FAQ, you can open a ticket via the link at the bottom of the page for dedicated support.
