Security concerns in the automotive industry continue to grow as more vehicles integrate advanced connectivity features. As carmakers pursue seamless digital experiences, new vulnerabilities gain the potential to affect not only individual vehicles but also millions of users worldwide. Recent findings illustrate how infotainment systems, designed for convenience, can introduce unseen points of entry for cyber attackers, raising questions about the interplay between innovation, user safety, and rapid response from industry stakeholders.
Earlier public discussions of automotive cybersecurity focused on theoretical risks and isolated incidents, often involving remote keyless entry or Wi-Fi connectivity. Past reports centered on vulnerabilities in proprietary systems or less widely adopted platforms, with rapid patch deployment generally addressing exposures. The large number of vehicles using the OpenSynergy BlueSDK framework marks a departure from previous cases, with multiple well-known brands now simultaneously affected. Delayed patch distribution reported here suggests an emerging pattern of complex supply chain hurdles unique to automotive technology.
Which Vehicles Face the Highest Risk?
OpenSynergy’s BlueSDK Bluetooth stack is widely used in embedded automotive systems and is present in Mercedes-Benz, Volkswagen, and Skoda models. A fourth car manufacturer utilizing this technology remains unnamed by researchers. Specific systems affected include the Mercedes-Benz NTG6 infotainment unit, Volkswagen’s MEB ICAS3 module used in electric .ID vehicles, and Skoda’s MIB3 system found in its Superb lineup.
How Could Attackers Gain Access to Vehicle Systems?
To exploit these vulnerabilities—collectively named PerfektBlue—an attacker must be within Bluetooth range and achieve successful pairing with a vehicle’s infotainment interface. The pairing process varies according to each manufacturer’s configuration of BlueSDK, with some setups requiring user approval and others allowing easier connections. When these four security flaws are chained, unauthorized access to the infotainment operating system becomes possible.
What Is the Impact of These Bluetooth Vulnerabilities?
The risks relate chiefly to remote code execution on targeted vehicles, enabling potential access to sensitive data and vehicle interfaces. Researchers demonstrated this through proof-of-concept attacks, achieving reverse shell access on infotainment units. Key vulnerabilities involve a critical use-after-free issue in the AVRCP service (CVE-2024-45434, CVSS 8.0) and weaknesses in Bluetooth protocol handling within L2CAP and RFCOMM. Opportunities for lateral movement inside vehicle networks depend on manufacturers’ security architecture and network segmentation.
Patch management remains a persistent challenge. Although OpenSynergy developed fixes by September 2024—following initial reports in May—the process of updating affected vehicles has been hindered by supply chain complexity. As of June 2025, some manufacturers had not received updated code. Researchers have chosen to publicly disclose the vulnerabilities to urge more rapid remediation across the sector, while withholding specific details about the unnamed fourth manufacturer.
Automotive cybersecurity incidents underscore the need for rigorous ongoing monitoring of connected vehicle components. The presence of Bluetooth vulnerabilities in systems from Mercedes-Benz, Volkswagen, and Skoda demonstrates how integration of shared software stacks can create industry-wide exposure. For consumers, keeping infotainment and vehicle firmware up to date is crucial. For manufacturers, tightening separation between infotainment and critical subsystems, deploying regular security audits, and working closely with software providers are vital steps. As vehicles grow more connected, proactive vulnerability handling and transparency regarding security flaws are increasingly essential to reduce risk across diverse fleets.
