PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution

Recent cybersecurity research has unveiled a series of critical vulnerabilities within OpenSynergy’s BlueSDK Bluetooth stack, collectively termed PerfektBlue. These flaws pose significant risks, potentially allowing remote code execution (RCE) on millions of vehicles from major manufacturers, including Mercedes-Benz, Volkswagen, and Škoda. An additional, unnamed original equipment manufacturer (OEM) has also been identified as affected.

Understanding the PerfektBlue Vulnerabilities

The PerfektBlue exploit chain comprises four distinct vulnerabilities:

1. CVE-2024-45434: A Use-After-Free (UAF) condition in the Audio/Video Remote Control Profile (AVRCP) service, carrying a CVSS score of 8.0. This flaw arises when the system fails to validate the existence of an object before performing operations, allowing attackers to manipulate freed memory regions and execute arbitrary code.

2. CVE-2024-45431: Improper validation of an L2CAP channel’s remote Channel Identifier (CID), with a CVSS score of 3.5. This vulnerability permits attackers to create L2CAP channels with null identifiers as remote CIDs, potentially bypassing security mechanisms.

3. CVE-2024-45433: Incorrect function termination in the Radio Frequency Communication (RFCOMM) protocol, scoring 5.7 on the CVSS scale. This issue involves a function that lacks proper return control flow after it detects an unusual condition.

4. CVE-2024-45432: Function call with incorrect parameters in RFCOMM, also with a CVSS score of 5.7. This flaw stems from function calls using incorrect variables as arguments.
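The checks whose absence items 2 and 3 describe can be shown on a generic L2CAP Connection Request handler. This is an added defensive example, not BlueSDK code or the researchers' code: it rejects a null or fixed-range remote CID and returns on every error path. The `channel` struct, the function names, the table size and the `L2CAP_CR_MALFORMED` code are hypothetical, and a 2-octet PSM is assumed.

```c
#include <stddef.h>
#include <stdint.h>

/* L2CAP Connection Response result codes (Bluetooth Core Specification). */
#define L2CAP_CR_SUCCESS       0x0000
#define L2CAP_CR_NO_RESOURCES  0x0004
#define L2CAP_CR_INVALID_SCID  0x0006
#define L2CAP_CR_SCID_IN_USE   0x0007
#define L2CAP_CR_MALFORMED     0xFFFF  /* hypothetical local code: drop the packet */

#define L2CAP_CID_DYN_START    0x0040  /* first dynamically allocated CID on ACL-U */
#define MAX_CHANNELS           4       /* hypothetical table size */

struct channel { uint16_t remote_cid; uint16_t psm; int in_use; };  /* hypothetical */

/* 0x0000 is the null CID; 0x0001-0x003F are fixed or reserved channels. */
static int remote_cid_valid(uint16_t cid) { return cid >= L2CAP_CID_DYN_START; }

/* Data part of a Connection Request: PSM (2 octets LE), Source CID (2 octets LE). */
uint16_t handle_conn_req(struct channel tbl[MAX_CHANNELS],
                         const uint8_t *data, size_t len)
{
    if (data == NULL || len < 4)
        return L2CAP_CR_MALFORMED;        /* return here: never parse a short buffer */

    uint16_t psm  = (uint16_t)(data[0] | (data[1] << 8));
    uint16_t scid = (uint16_t)(data[2] | (data[3] << 8));

    if (!remote_cid_valid(scid))
        return L2CAP_CR_INVALID_SCID;     /* error path ends here, no fall-through */

    struct channel *slot = NULL;
    for (int i = 0; i < MAX_CHANNELS; i++) {
        if (tbl[i].in_use && tbl[i].remote_cid == scid)
            return L2CAP_CR_SCID_IN_USE;  /* refuse a duplicate remote CID */
        if (!tbl[i].in_use && slot == NULL)
            slot = &tbl[i];
    }
    if (slot == NULL)
        return L2CAP_CR_NO_RESOURCES;

    /* Channel state is written only after every check has passed. */
    slot->remote_cid = scid;
    slot->psm = psm;
    slot->in_use = 1;
    return L2CAP_CR_SUCCESS;
}
```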

When exploited in sequence, these vulnerabilities enable attackers to achieve RCE on a vehicle’s In-Vehicle Infotainment (IVI) system. This access can lead to unauthorized tracking of GPS coordinates, audio recording, retrieval of contact lists, and potential lateral movement to other systems within the vehicle. Such movement could allow control over critical functions, including the engine, steering, horn, and wipers. While direct control over these functions has not been demonstrated, previous research indicates the feasibility of moving from a car’s infotainment system to more critical systems. ([securityweek.com](https://www.securityweek.com/millions-of-cars-exposed-to-remote-hacking-via-perfektblue-attack/?utm_source=openai))

Attack Methodology and Requirements

To execute a PerfektBlue attack, an adversary must be within Bluetooth range of the target vehicle and establish a pairing with its infotainment system. Because BlueSDK is a framework, the pairing process varies across devices. Some systems may allow unlimited pairing requests without user interaction, while others may require user confirmation or have pairing disabled entirely. In cases where pairing is possible without user interaction, the attack becomes a near one-click exploit. ([thehackernews.com](https://thehackernews.com/2025/07/perfektblue-bluetooth-vulnerabilities.html?utm_source=openai))

Impacted Vehicles and Manufacturers

The PerfektBlue vulnerabilities have been demonstrated on recent infotainment models in vehicles from Mercedes-Benz, Volkswagen, and Škoda. Specific models include:

– Mercedes-Benz: NTG6/NTG7 head units.

– Volkswagen: MEB ICAS3 infotainment systems, notably in the ID.4 model line.

– Škoda: MIB3 head units, such as those in the Superb model line.

An additional OEM, which remains unnamed, has also been identified as affected. BlueSDK’s widespread use means that millions of devices, including mobile phones and other portable gadgets from various tech companies, are potentially vulnerable. ([securityweek.com](https://www.securityweek.com/millions-of-cars-exposed-to-remote-hacking-via-perfektblue-attack/?utm_source=openai))

Disclosure and Patch Deployment

PCA Cyber Security reported the PerfektBlue vulnerabilities to OpenSynergy in May 2024. Subsequently, patches were released in September 2024. However, due to the complexities of the automotive supply chain, some manufacturers did not receive or implement these patches until June 2025. This delay underscores the challenges in promptly addressing security vulnerabilities within the automotive industry. ([cybersecuritynews.com](https://cybersecuritynews.com/bluetooth-protocol-stack-vulnerabilities/?utm_source=openai))

Mitigation Strategies

To protect against potential exploits stemming from the PerfektBlue vulnerabilities, the following measures are recommended:

1. Firmware Updates: Vehicle owners should ensure their infotainment systems are updated with the latest firmware patches provided by manufacturers.

2. Disable Bluetooth When Not in Use: Turning off Bluetooth functionality when it’s not needed can reduce the risk of unauthorized access.

3. Network Segmentation: Manufacturers should implement robust network segmentation within vehicles to prevent lateral movement from IVI systems to critical vehicle components.

4. Enhanced Security Protocols: Automakers are encouraged to prioritize security validation in Bluetooth stack implementations and establish comprehensive vulnerability disclosure processes.

Broader Implications and Industry Response

The PerfektBlue vulnerabilities highlight the evolving landscape of automotive cybersecurity threats. As vehicles become increasingly connected, the attack surface expands, necessitating proactive security measures. The automotive industry must adopt a holistic approach to cybersecurity, encompassing regular software updates, rigorous security testing, and transparent communication with consumers regarding potential risks.

In response to these findings, manufacturers are urged to collaborate closely with cybersecurity researchers to identify and mitigate vulnerabilities promptly. Additionally, consumers should remain vigilant, staying informed about potential security issues and adhering to best practices for digital safety.

Conclusion

The discovery of the PerfektBlue vulnerabilities serves as a critical reminder of the importance of cybersecurity in modern vehicles. By understanding the nature of these flaws and implementing recommended mitigation strategies, both manufacturers and consumers can work together to enhance the security and safety of connected vehicles.