Mercedes Skoda Volkswagen Security Threat

A significant security threat known as "PerfektBlue" has been identified, exposing Mercedes, Skoda, and Volkswagen vehicles, along with countless industrial, medical, mobile, and consumer devices, to remote code execution (RCE) attacks.

Researchers from PCA Cyber Security discovered four vulnerabilities in the widely used Blue SDK, a Bluetooth protocol stack and software development kit, on May 17, 2024.

Mercedes Skoda Volkswagen Security ThreatMercedes Skoda Volkswagen Security Threat

These vulnerabilities can be exploited together, allowing attackers to execute code remotely on devices that rely on this SDK for Bluetooth connectivity.

OpenSynergy, the developer of Blue SDK, claims that it has been integrated into 350 million vehicles, including those from major manufacturers like Mercedes-Benz, Volkswagen, and Skoda. Additionally, Blue SDK is present in over 1 billion embedded devices across various sectors, including consumer, mobile, industrial, and medical.

Mercedes Skoda Volkswagen Security ThreatMercedes Skoda Volkswagen Security Threat

Exploiting these vulnerabilities requires physical proximity, as an attacker must be within approximately 10 meters of the target device to initiate a pairing. However, Volkswagen has stated that several specific conditions must be met for the exploit to succeed, including the vehicle's ignition being on and the infotainment system being in pairing mode.

Our NPAV research team is dedicated to developing cutting-edge security solutions for IoT and vehicle infrastructure, aimed at protecting individuals from potential cyber breaches.
NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security