PerfektBlue 1-click RCE attack
Source: PCA Cyber Security
Affected Devices and Impact:
The OpenSynergy BlueSDK framework, which is widely used in the automotive industry, contains vulnerabilities. Although BlueSDK is also used in other domains, such as mobile phones and portable devices, many of the vulnerable devices are automotive.
Public Bluetooth certification records were used to identify vendors and products that employ the BlueSDK framework. Affected vendors include:
- Mercedes-Benz AG
- Volkswagen
- Skoda
Code execution on an in-vehicle infotainment (IVI) device allows an attacker to:
- Track GPS coordinates
- Record audio inside a car
- Access personal phonebook information
- Move laterally to other ECUs, either legitimately or by exploiting other software components, gaining access to critical elements within the vehicle.
Protection Against PerfektBlue:
Update your system or disable Bluetooth functionality entirely.
To read the complete article see:
PerfektBlue Article
This post is licensed under CC BY 4.0 by the author.