🚘 PerfektBlue Bluetooth Flaws Expose Millions of Cars to Remote Attacks
Published: July 12, 2025
Author: Laxmikant Hire
Category: Vehicle Security / Bluetooth Vulnerability
⚠️ Major Bluetooth Security Issue in Cars
Cybersecurity experts have uncovered four dangerous vulnerabilities in OpenSynergy’s BlueSDK Bluetooth stack. Called PerfektBlue, these flaws could let hackers remotely run code on vehicles made by Mercedes-Benz, Volkswagen, Skoda, and another unnamed automaker.
🔍 Why PerfektBlue Is a Big Deal
These bugs involve memory and logic errors. When used together, they allow attackers to take full control of a car’s infotainment system over Bluetooth—without needing to log in or even be inside the vehicle.
Here’s what attackers could do:
- Track GPS location
- Record conversations
- Read contacts
- Potentially access critical car systems (if the vehicle's architecture does not isolate them from the infotainment unit)
🧩 Vulnerability Breakdown
CVE ID | Issue Description | CVSS Score |
---|---|---|
CVE-2024-45434 | Use-After-Free bug in AVRCP service | 8.0 |
CVE-2024-45431 | Poor validation of Bluetooth channel | 3.5 |
CVE-2024-45433 | Incorrect function termination in RFCOMM | 5.7 |
CVE-2024-45432 | Wrong parameter used in Bluetooth function call | 5.7 |
💥 Attack Scenario
Hackers need to be near the car and connect over Bluetooth. Once in, they could access the infotainment system, and possibly move laterally into deeper systems like the CAN bus, which controls door locks, steering, and more.
Researchers have shown this kind of lateral movement in earlier hacks, including a demonstration with a Nissan Leaf and a remote-controlled Renault Clio, where they hijacked the car’s steering and acceleration using Python.
🛡 Vehicle Maker Responses & Safety Tips
Volkswagen stated:
“These vulnerabilities affect only the infotainment Bluetooth connection. Core driving functions are protected by separate systems.”
Still, attacks are possible if:
- The attacker is within 5–7 meters
- The car is on and in pairing mode
- The user manually approves the pairing
What should users do?
- Carefully verify pairing codes when connecting Bluetooth devices
- Only pair known devices
- Install all software updates—some may require a visit to your service center