- Researchers find four flaws in the BlueSDK Bluetooth stack
- They can be chained into the “PerfektBlue” RCE attack
- Multiple car vendors are affected
Security researchers have discovered four vulnerabilities in the BlueSDK Bluetooth stack that could be chained for remote code execution (RCE) attacks.
This stack is used by multiple vendors across different industries, including car manufacturing giants Mercedes, Volkswagen and Skoda (and possibly others).
In theory, a threat actor could abuse these flaws to connect to a car's infotainment system, and from there eavesdrop on conversations, take the contact lists of connected devices, track GPS coordinates and more.
Can an attack be achieved?
The flaws are not that easy to abuse, however. But first, let’s get the formalities out of the way.
The four vulnerabilities were found by PCA Cyber Security, and are tracked as CVE-2024-45434, CVE-2024-45431, CVE-2024-45433 and CVE-2024-45432. Their severity ranges from low to high, and they are found in different components of the stack.
Together, they were nicknamed “PerfektBlue”. A threat actor seeking to abuse them needs only one click from the victim: accepting the pairing of the Bluetooth device with the vehicle. In some cars, even that is done automatically, without any input from the victim.
PCA Cyber Security reported its findings to OpenSynergy, the company that maintains the BlueSDK Bluetooth stack, in June 2024. A fix was deployed in September of the same year. However, the fix must be applied by car manufacturers, and according to PCA Cyber Security, this has not yet been done.
Only Volkswagen is currently investigating the matter, and it gave a fairly long list of prerequisites that must be met before the flaw can be exploited, implying that the risk is not that great:
– The attacker must be at a maximum distance of 5 to 7 meters from the vehicle, and must maintain that distance throughout the attack
– The ignition of the vehicle must be on
– The infotainment system must be in pairing mode
– The vehicle user must actively approve the external Bluetooth access of the attacker on the screen.
Via BleepingComputer