Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack

PCA Cyber Security has discovered critical vulnerabilities in the BlueSDK Bluetooth stack that could have allowed remote code execution on car systems.

Researchers at penetration testing and threat intelligence firm PCA Cyber Security (formerly PCAutomotive) have discovered that critical vulnerabilities affecting a widely used Bluetooth stack could be exploited to remotely hack millions of cars.

The researchers conducted an analysis of the BlueSDK Bluetooth framework developed by OpenSynergy and found several vulnerabilities, including ones that enable remote code execution, bypassing security mechanisms, and information leaks.

They demonstrated how some of these flaws could be chained in what they named a PerfektBlue attack to remotely hack into a car’s infotainment system. From there the attacker can track the vehicle’s location, record audio from inside the car, and obtain the victim’s phonebook data.

The attacker may also be able to move laterally to other systems and potentially take control ...