- Researchers find four flaws in Bluetooth Bluesdk battery
- They can be chained in the attack by Rce “Perfektblue”
- Several car sellers will be assigned
Security researchers discovered four vulnerabilities in the Bluetooth Bluesdk battery which could be chained for distant code execution attacks (RCE).
This battery is used by several suppliers in different industries – including the manufacturing of Mercedes, Volkswagen and Skoda cars (and perhaps others).
In theory, a threat actor could abuse these faults to connect to the infotainment system of a car, and from there – listen to the conversations, enter the list of contacts from connected devices, follow GPS coordinates, etc.
Can an attack be withdrawn?
Bogues are not so easy to abuse, but first – move away the formalities.
The four vulnerabilities were found by ACP cybersecurity and are followed as CVE-2024-45434, CVE-2024-45431, CVE-2024-45433 and CVE-2024-45432. Their severity varies from low to high and are in different components of the battery.
Together, they were nicknamed “Perfektblue”. A threat actor looking to abuse them only needs a click of the victim – to accept the couple of the Bluetooth device with the vehicle. In some cars, even it is done automatically and without the victim’s contributions.
PCA Cyber Security reported its results in OpenSynergy, the company retaining the Bluetooth Bluesdk battery in June 2024. An a fix was deployed in September the same year. However, the correction must then be applied by car manufacturers, and according to the cybersecurity of the APC, this has not yet been done.
Only Volkswagen is currently investigating the issue and has given a fairly long list of prerequisites that must be met before the bug can be exploited, suggesting that the risk is not so important:
– The attacker must be at a maximum distance of 5 to 7 meters from the vehicle and must maintain this distance throughout the attack
– vehicle ignition must be on
– The infotainment system must be in matching mode
– The vehicle user must actively approve the external Bluetooth access from the attacker to the screen.
Via Bleeping Compompute
