PerfektBlue Bluetooth Attack: A Critical Threat to Mercedes, Volkswagen, and Skoda Infotainment Systems
Discover how the PerfektBlue Bluetooth attack exploits vulnerabilities in OpenSynergy's BlueSDK, affecting millions of vehicles from top brands like Mercedes, Volkswagen, and Skoda. Learn about the risks and how to protect yourself.
TL;DR
Researchers at PCA Cyber Security have identified critical vulnerabilities in OpenSynergy’s BlueSDK Bluetooth stack, dubbed PerfektBlue, which allow remote code execution and could enable attackers to hack car systems remotely. The attack primarily targets the infotainment systems of Mercedes-Benz, Volkswagen, and Skoda, potentially allowing attackers to track locations, record audio, access phonebook data, and even manipulate critical functions like steering and wipers. Users are advised to update their systems or disable Bluetooth to stay safe.
PerfektBlue Bluetooth Attack: A Critical Threat to Automotive Infotainment Systems
Researchers at PCA Cyber Security have uncovered a set of critical vulnerabilities, collectively referred to as PerfektBlue, in OpenSynergy’s BlueSDK Bluetooth stack. These vulnerabilities could allow remote code execution, potentially affecting millions of vehicles and enabling attackers to hack car systems remotely.
Understanding OpenSynergy’s BlueSDK
OpenSynergy’s BlueSDK is a widely used Bluetooth implementation in the automotive industry. It supports both Classic and Low Energy modes, is hardware-agnostic, and includes various standard Bluetooth profiles. This flexibility makes it a popular choice for vendors, but it also introduces potential vulnerabilities.
The PerfektBlue Attack Chain
The PerfektBlue attack exploits Bluetooth flaws to hack a car’s infotainment system, enabling:
- Location tracking
- Audio recording
- Access to phonebook data
- Potential lateral movement to critical functions like steering and wipers
The attack requires pairing with the target device so that the connection reaches the security level needed for communication. However, this process can vary significantly between devices, with some allowing unlimited pairing requests or even disabling pairing entirely [1].
Affected Vehicles and Systems
The OpenSynergy BlueSDK Bluetooth framework is widely used in cars, particularly by vendors like Mercedes-Benz, Volkswagen, and Skoda. These issues primarily impact the automotive sector, though other devices may also be affected. To mitigate risks, users should update their systems or disable Bluetooth.
Discovered Vulnerabilities
The researchers identified several vulnerabilities in the BlueSDK Bluetooth stack:
| CVE ID | Description | CVSS 3.1 Score |
|---|---|---|
| CVE-2024-45434 | Use-After-Free in AVRCP service | 8.0 (Critical) |
| CVE-2024-45431 | Improper validation of an L2CAP channel’s remote CID | 3.5 (Low) |
| CVE-2024-45433 | Incorrect function termination in RFCOMM | 5.7 (Medium) |
| CVE-2024-45432 | Function call with incorrect parameter in RFCOMM | 5.7 (Medium) |
Demonstrated Attacks
The researchers demonstrated the PerfektBlue attack against:
- Mercedes-Benz NTG6 head unit
- Volkswagen MEB ICAS3 head unit
- Skoda MIB3 head unit
Proof-of-concept exploits were devised for these infotainment systems, highlighting the potential risks.
Advisory and Mitigation
The researchers reported the flaws to the OpenSynergy Security Team on May 17, 2024. OpenSynergy confirmed the vulnerabilities and began working on patches, which were completed in September 2024. In March 2025, PCA Cyber Security initiated responsible disclosure, allowing OpenSynergy time to review the findings. The advisory was officially released on July 7, 2025, to raise awareness and encourage faster remediation [2].
Staying Safe
To protect against the PerfektBlue attack, users should:
- Update their systems with the latest patches
- Disable Bluetooth when not in use
- Be cautious of pairing requests from unknown devices
Conclusion
The PerfektBlue Bluetooth attack highlights the critical need for robust security measures in automotive infotainment systems. As vehicles become more connected, it is essential for manufacturers and users to stay vigilant and proactive in addressing potential vulnerabilities. By keeping systems updated and following best practices, we can mitigate risks and ensure safer driving experiences.
References
[1] PCA Cyber Security (2025). “PerfektBlue Advisory”. PCA Cyber Security. Retrieved 2025-07-10.
[2] PCA Cyber Security (2025). “PerfektBlue Advisory”. PCA Cyber Security. Retrieved 2025-07-10.