Валентин Шнайдер, Hot News
11 July 2025, 17:06
Bluetooth vulnerability allows hackers to connect to Mercedes, Volkswagen and Skoda cars: risk to contacts, GPS and conversations
A number of critical vulnerabilities have been discovered in the BlueSDK Bluetooth stack, which is used in multimedia systems of popular cars. Potentially, attackers can listen to conversations, gain access to contacts and geolocation. Owners of Mercedes, Volkswagen, Skoda and, probably, other brands are at risk.
According to BleepingComputer, researchers at PCA Cyber Security have discovered four vulnerabilities in the BlueSDK Bluetooth stack, identified as CVE-2024-45434, CVE-2024-45431, CVE-2024-45433, and CVE-2024-45432. Together, they form an exploit called PerfektBlue, which allows for remote code execution (RCE) attacks.
In theory, an attacker could connect to a car’s multimedia system via Bluetooth if the victim agrees to the connection (or it happens automatically). This would then give access to sensitive information from the connected devices, such as contacts, audio, GPS data, etc.
Researchers warned the stack developer (OpenSynergy) back in June 2024. The patch was released in September, but according to PCA Cyber Security, no automaker has implemented it yet. The only exception was Volkswagen, which launched an internal investigation and published a list of conditions under which the vulnerability could be exploited:
the attacker must be within a radius of 5-7 meters from the car;
the car ignition must be on;
the multimedia system must be in pairing mode;
the user must manually confirm the device connection.
The BlueSDK stack is used in many industries, including the automotive industry. Often, such components are implemented without understanding the real level of their security, which creates risks for both drivers and passengers. With the growth of connected cars, the issue of wireless security is becoming a priority. Given the passivity of most automakers, users should be careful about Bluetooth connections in their cars.
We previously wrote about how Android users are at risk of being redirected to fraudulent websites or unknowingly running commands in apps due to a newly discovered vulnerability in the notification system. Everything looks like a normal message with a link, but in reality it opens a completely different URL or activates a hidden action.