    PerfektBlue Bluetooth flaws affect Mercedes, Volkswagen, Skoda cars

    By PineapplesUpdate, July 10, 2025

    Four vulnerabilities dubbed PerfektBlue, affecting the BlueSDK Bluetooth stack from OpenSynergy, can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from several vendors, including Mercedes-Benz AG, Volkswagen and Skoda.

    OpenSynergy confirmed the flaws in June last year and issued patches to customers in September 2024, but many vehicle manufacturers have yet to push the corrective firmware updates. At least one major OEM learned about the security risks only recently.

    The security issues can be chained together into an exploit that the researchers call a PerfektBlue attack, which an attacker can deliver over the air, requiring “1-click from a user”.

    Although OpenSynergy's BlueSDK is widely used in the automotive industry, vendors from other sectors also use it.

    PerfektBlue attack

    The pentester team at PCA Cyber Security, a company specializing in automotive security, discovered the PerfektBlue vulnerabilities and reported them in May 2024. They are regular participants in Pwn2Own Automotive competitions and have uncovered more than 50 vulnerabilities in car systems since last year.

    According to them, the PerfektBlue attack “affects millions of devices in automotive and other industries.”

    Finding the flaws in BlueSDK was possible by analyzing a compiled binary of the software product, as the source code was not accessible.

    The flaws, listed below, range in severity from low to high and can provide access to the car's internals through the infotainment system.

    • CVE-2024-45434 (High severity) – Use-after-free in the AVRCP service for the Bluetooth profile that allows remote control over media devices
    • CVE-2024-45431 (Low severity) – Improper validation of the remote channel identifier (CID) of an L2CAP (Logical Link Control and Adaptation Protocol) channel
    • CVE-2024-45433 (Moderate severity) – Incorrect function termination in the Radio Frequency Communication (RFCOMM) protocol
    • CVE-2024-45432 (Moderate severity) – Function call with an incorrect parameter in the RFCOMM protocol

    The researchers did not share full technical details about exploiting the PerfektBlue vulnerabilities, but said an attacker paired with the affected device could exploit them to “manipulate the system, escalate privileges and perform lateral movement to other components of the target product.”

    PCA Cyber Security demonstrated PerfektBlue attacks on the infotainment head units of the Volkswagen ID.4 (ICAS3 system), Mercedes-Benz (NTG6), and Skoda Superb (MIB3), and obtained a reverse shell on top of TCP/IP, which allows communication between devices on a network, such as components in a car.

    The researchers say that a hacker with remote code execution on the in-vehicle infotainment (IVI) system could track GPS coordinates, listen in on conversations in the car, access phone contacts, and potentially move laterally to more critical subsystems in the vehicle.

    [Image: Getting a reverse shell on a Mercedes-Benz NTG6 system. Source: PCA Cyber Security]

    Risk and exposure

    OpenSynergy's BlueSDK is widely used in the automotive industry, but it is difficult to determine which vendors rely on it because of customization and repackaging processes, as well as a lack of transparency about a car's embedded software components.

    PerfektBlue is primarily a 1-click RCE because most of the time the user has to be tricked into allowing pairing with the attacker's device. However, some vehicle manufacturers configure the infotainment system to pair without any confirmation.

    PCA Cyber Security told BleepingComputer that they informed Volkswagen, Mercedes-Benz and Skoda about the vulnerabilities and gave them enough time to apply the patches, but the researchers received no response from the vendors about addressing the issues.

    BleepingComputer has contacted the three vehicle manufacturers to ask whether they have pushed OpenSynergy's fixes. A statement from Mercedes was not immediately available, and Volkswagen said that it started investigating the impact and ways to address the risks immediately after learning about the issues.

    “The investigations revealed that it is possible under certain conditions to connect to the vehicle's infotainment system via Bluetooth without authorization,” a Volkswagen spokesperson told us.

    The German car manufacturer said that exploiting the vulnerabilities is possible only when several conditions are met at the same time:

    • The attacker is within a maximum distance of 5 to 7 meters from the vehicle.
    • The vehicle's ignition must be switched on.
    • The infotainment system must be in pairing mode, that is, the vehicle user must be actively pairing a Bluetooth device.
    • The vehicle user must actively approve the attacker's external Bluetooth access on the screen.

    Even if these conditions are met and an attacker connects to the Bluetooth interface, “they must remain within a maximum distance of 5 to 7 meters from the vehicle” to maintain access, the Volkswagen representative said.

    The automaker underlined that, in the case of a successful exploit, a hacker could not interfere with critical vehicle functions such as steering, driver assistance, engine, or brakes because they are “on a separate control unit protected against external intervention by their own safety functions.”

    PCA Cyber Security told BleepingComputer that last month they confirmed PerfektBlue at a fourth OEM in the automotive industry, which said OpenSynergy had not informed it about the issues.

    “We decided not to disclose this OEM as they did not have enough time to react,” the researchers told us.

    “We plan to disclose the full technical details of PerfektBlue, along with this affected OEM, in the format of a conference talk in November 2025.”

    BleepingComputer has also contacted OpenSynergy to ask about the impact of PerfektBlue on its customers and how many are affected, but we had not received a reply by the time of publication.

