Modern vehicles are essentially computers on wheels, and like any connected device, they are vulnerable to cybersecurity threats. A new vulnerability dubbed PerfektBlue exposes millions of vehicles from brands like Mercedes-Benz, Volkswagen, and Skoda to serious risks—including remote code execution and potential surveillance.

The flaw lies in OpenSynergy’s BlueSDK, a Bluetooth software stack widely used in vehicle infotainment and management systems. PCA CyberSecurity, the firm that discovered the issue, warns that attackers can exploit the vulnerability with a “one-click” attack, enabling them to remotely install malware, track GPS locations, or even activate microphones through connected Bluetooth hardware.

A fourth automaker is also reportedly affected, though it has not yet been named. The attack's range is limited to about 30 feet, and the vehicle must be active for the exploit to work. However, that does little to ease concerns, especially given the widespread use of the vulnerable SDK.

What’s more troubling is that OpenSynergy and its partners have known about the flaw since May 2024, but many vehicle manufacturers still haven’t rolled out security updates. Although OpenSynergy patched the BlueSDK software by September 2024, numerous models on the road remain exposed due to slow adoption of the fix. Given the proprietary nature of in-car software, determining which specific vehicles and models are at risk is difficult, though experts believe millions could be affected.

Until automakers release proper patches, drivers should be cautious when using Bluetooth features and be aware of potential security warnings.