Cybersecurity flaws found in OpenSynergy's BlueSDK Bluetooth stack could lead to remote code execution in vehicles, impacting brands including Mercedes-Benz, Volkswagen, and Skoda. Dubbed PerfektBlue, these vulnerabilities consist of memory corruption and logical flaws that can be exploited in a chain. The attack requires physical proximity to the target vehicle's infotainment system via Bluetooth. There are varying implementation specifics based on the vehicles' internal network designs that might affect how the attack can be executed, demonstrating the risks associated with insufficient isolation in automotive systems.
PerfektBlue exploitation attack is a set of critical memory corruption and logical vulnerabilities found in OpenSynergy BlueSDK Bluetooth stack that can be chained together to obtain Remote Code Execution (RCE).
The only requirement to pull off the attack is that the bad actor needs to be within range and be able to pair their setup with the target vehicle's infotainment system over Bluetooth.
Collection
[
|
...
]