A set of four critical vulnerabilities discovered in OpenSynergy’s BlueSDK Bluetooth stack, dubbed “PerfektBlue,” has exposed millions of vehicles from multiple manufacturers to the risk of remote code execution (RCE). These vulnerabilities, identified by cybersecurity researchers at PCA Cyber Security, could potentially allow attackers to exploit infotainment systems in vehicles from major automakers like Mercedes-Benz, Volkswagen, and Skoda, along with a fourth unnamed original equipment manufacturer (OEM). The vulnerabilities, which can be chained together, allow attackers to take control of vehicles by leveraging Bluetooth connections.
The Vulnerabilities
The PerfektBlue vulnerabilities target the Bluetooth stack’s memory management and communication protocols, allowing attackers to exploit flaws in the system to gain unauthorized access. The vulnerabilities identified include:
- CVE-2024-45434 (CVSS score: 8.0): A Use-After-Free issue in the AVRCP service
- CVE-2024-45431 (CVSS score: 3.5): Improper validation of an L2CAP channel’s remote CID
- CVE-2024-45433 (CVSS score: 5.7): Incorrect function termination in RFCOMM
- CVE-2024-45432 (CVSS score: 5.7): Function call with incorrect parameters in RFCOMM
Once an attacker successfully exploits these vulnerabilities, they can gain remote access to the In-Vehicle Infotainment (IVI) system, enabling them to track GPS coordinates, record audio, access contact lists, and potentially even execute lateral movements within the vehicle’s internal network. If additional vulnerabilities are present, the attacker could escalate their access to critical vehicle systems, including control over the engine and other essential functions.
How the Exploits Work
The attack requires that the attacker be within Bluetooth range of the vehicle and that the vehicle’s infotainment system is either actively pairing with a Bluetooth device or in pairing mode. The attacker can exploit the vulnerabilities to access the system and issue commands, taking control of audio functions or accessing private information. While no vehicle safety systems—such as steering, brakes, or driver assistance systems—are directly affected, the infotainment system’s vulnerability can serve as an entry point for further exploitation of the vehicle’s internal network, depending on its design and the system’s isolation protocols.
Potential Impacts
While the risks primarily concern non-critical functions like the IVI system, the exploitation of PerfektBlue could offer attackers a foothold into a vehicle’s broader network. In certain cases, where weak segmentation or inadequate gateway-level enforcement is present, this could lead to lateral movement into other vehicle control systems, potentially compromising safety-critical systems. Attackers could then manipulate or exfiltrate data, severely disrupting vehicle operation or extracting sensitive information.
The Risk of Exploitation
The exploitation of the PerfektBlue vulnerabilities requires that a series of conditions are met simultaneously: the attacker must be within a range of 5 to 7 meters, the vehicle’s ignition must be on, and the user must be actively pairing their device with the infotainment system. Even with these conditions in place, exploitation is still dependent on the attacker gaining the user’s consent during the pairing process. Despite these requirements, the risks associated with Bluetooth exploitation are clear, as it enables attackers to bypass traditional security measures and gain unauthorized access to vehicle systems.
Manufacturer Responses
In response to these vulnerabilities, manufacturers like Volkswagen have acknowledged the risks and emphasized that vehicle systems outside of the infotainment domain are secure from remote access. The company also stressed that the exploitation of these vulnerabilities has yet to be seen in the wild. Volkswagen has committed to addressing the security gap with software updates and urges vehicle owners to ensure their systems are up-to-date. In some cases, the company recommends that users visit a dealership to have the necessary updates installed.
Mitigation and Protection
While automakers are rolling out patches to mitigate these vulnerabilities, vehicle users should remain vigilant. As part of their precautionary measures, users are encouraged to check their pairing data during the connection process, ensuring that the displayed numbers match those on their device. Additionally, vehicle users should apply any available software updates promptly to protect their systems from exploitation.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
