Your Mercedes or Volkswagen could get hacked via Bluetooth
Cars are computers too, and like any other computer, they're vulnerable to hacking. A newly discovered flaw in the Bluetooth system of vehicles made by Mercedes-Benz, Volkswagen, and Skoda means that millions of cars on the road could be at risk.
The vulnerability, dubbed PerfektBlue, affects vehicles that use OpenSynergy's BlueSDK system, which powers major infotainment and vehicle management systems in Volkswagen and Mercedes cars. Czech manufacturer Skoda has also confirmed its vehicles are vulnerable to this issue. A fourth manufacturer has been identified, but its name hasn't been disclosed due to proprietary reasons.
PCA CyberSecurity discovered the PerfektBlue vulnerability and warns that remote code execution is possible on these systems, which means an attacker could install malware or other programs with just one click. GPS location tracking, microphone recording, and other malicious activities can also be carried out using Bluetooth-connected hardware.
The alarming part? Software vendor OpenSynergy and its vehicle manufacturer partners have known about this issue for over a year. According to BleepingComputer, OpenSynergy received PCA CyberSecurity's report in May 2024 and issued security patches for BlueSDK by September. However, many of the manufacturers using the system still haven't released software updates that patch the vulnerabilities.
This is where things get even more concerning. Millions of cars could be affected, but it's difficult to determine which specific car brands and models have BlueSDK and which version, due to proprietary systems.
The "one-click" PerfektBlue exploit requires access via Bluetooth, limiting its effective range to about 30 feet. It also only works while the car is operating, making it a relatively contained attack vector. However, this doesn't mean it's not a serious threat – if an attacker can exploit this vulnerability, they could potentially gain control over the vehicle's systems.
The Takeaway
While the PerfektBlue vulnerability has been known for over a year, its impact is still being felt. With millions of cars on the road potentially at risk, it's essential to take this threat seriously and urge manufacturers to release software updates that patch these vulnerabilities as soon as possible.
The Expert Weighs In
Michael Crider, a 10-year veteran of technology journalism, covers everything from Apple to ZTE. As the resident keyboard nut on PCWorld, Michael is always on the lookout for the latest and greatest in computer hardware. When he's not reviewing new keyboards or building his desktop rig, you can find him covering events like CES and Mobile World Congress live.