Your Mercedes or VW could get hacked via Bluetooth

Cars are also computers, especially all cars made in the past decade. And this means that they are vulnerable to some of the same types of hacking problems that affect computers, if not frequently targeted. A newly discovered flaw in their Bluetooth system means that vehicles manufactured by Mercedes-Benz, Volkswagen and Skoda are vulnerable to a “one click” attack, including the execution of the remote code.

So let’s say the PCA cybersecurity, which nicknamed the Vulnerability PerfektBlue. This is a problem with vehicles that use OpenSynergy’s Bluesdk system, which includes the main infodivement and vehicle management systems in Volkswagen and Mercedes cars, the Czech manufacturer Skoda has also confirmed vulnerable. A fourth manufacturer has been confirmed, but was not appointed. The execution of remote code on these systems is possible, that is to say the installation of a payload of malware or another program, as well as monitoring of the GPS location and the recording of microphones with material connected to Bluetooth, among other problems.

Alarming, the supplier of OpenSynergy software and its vehicle manufacturer’s partners have known this problem for over a year, according to BleepingCompute. OpenSynergy confirmed that she had received the PCA cybersecurity report in May 2024 and had issued security fixes for Bluesdk by September, but many manufacturers using the system have still not published software updates to correct vulnerabilities. Millions of roads on the road could be affected, although because of proprietary systems, it is difficult to nail exactly car brands and models have Bluesdk and what version.

Although it is remarkably easy for an attacker to use the perfektblue feat “in one click”, it always requires access via Bluetooth. This limits the effective beach to around 30 feet, and it is only possible while the car works.