Subj : Bluetooth security flaws could affect thousands of Mercedes, Volk To : All From : TechnologyDaily Date : Fri Jul 11 2025 13:30:07 Bluetooth security flaws could affect thousands of Mercedes, Volkswagen, Skoda cars - here's what we know Date: Fri, 11 Jul 2025 12:20:00 +0000 Description: PerfektBlue allows threat actors to eavesdrop on conversations, but how much of a risk is it? FULL STORY ======================================================================Research ers find four flaws in the BlueSDK Bluetooth stack They can be chained into the "PerfektBlue" RCE attack Multiple car vendors are allegedly affected Security researchers have discovered four vulnerabilities in the BlueSDK Bluetooth stack which could be chained together for remote code execution (RCE) attacks. This stack is used by multiple vendors across different industries - including car manufacturing giants Mercedes, Volkswagen, and Skoda (and possibly others). In theory, a threat actor could abuse these flaws to connect to a cars infotainment system, and from there - eavesdrop on conversations, grab the contacts list from connected devices, track GPS coordinates, and more. Can an attack be pulled off? The bugs are not that easy to abuse, though, but first - lets get the formalities out of the way. The four vulnerabilities were found by PCA Cyber Security, and are tracked as CVE-2024-45434, CVE-2024-45431, CVE-2024-45433, and CVE-2024-45432. Their severity ranges from low to high, and are found in different components of the stack. Together, they were dubbed PerfektBlue. A threat actor looking to abuse them only needs one click from the victim - to accept the pairing of the bluetooth device with the vehicle. In some cars, even that is done automatically and without the victims input. PCA Cyber Security reported its findings to OpenSynergy, the company maintaining the BlueSDK Bluetooth stack, in June 2024. A fix was deployed in September the same year. However, the fix must then be applied by car manufacturers, and according to PCA Cyber Security, this hasnt been done yet. Only Volkswagen is currently investigating the matter, and gave a rather long list of prerequisites that need to be filled before the bug can be exploited, hinting that the risk isnt that big: - The attacker must be within a maximum distance of 5 to 7 meters from the vehicle, and must maintain that distance throughout the attack - The vehicle's ignition must be switched on - The infotainment system must be in pairing mode - The vehicle user must actively approve the external Bluetooth access of the attacker on the screen. Via BleepingComputer You might also like Skoda security flaws could let hackers remotely track cars Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/bluetooth-security-flaws-could-affect-t housands-of-mercedes-volkswagen-skoda-cars-heres-what-we-know --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .