Windows

In-car Bluetooth: the hidden dangers and how to protect yourself

In-car Bluetooth is a common thing nowadays; a couple recent studies revealed it is not really safe. Read on to learn the details and how to protect yourself.
J
  • Jim Richards,
  • 14 days ago
  • Editor Informer Technologies, Inc.

In-car Bluetooth: the hidden dangers and how to protect yourself In-car Bluetooth: the hidden dangers and how to protect yourself

In the early 20th century, cars stopped being something exotic. Yes, they were still quite expensive — not that they aren’t today — but, overall, the introduction of the assembly line, which enabled mass production of vehicles, pushed the costs down and saturated the market.

Today, cars are truly ubiquitous. Some societies, like that of the USA, are unimaginable without them. Pretty soon after becoming a more or less affordable product, cars acquired entertainment systems. The first one, a car radio, was installed in a Chevrolet model in 1922, and in 1930, Motorola started making 5T71, the first third-party audio set designed specifically for cars.

Today, car infotainment systems double as navigation devices, pacifiers for children (cartoons!), communication sets, and security rigs. In most cases, their connectivity is enabled by Bluetooth, a tech that counts dozens upon dozens of applications. This is a plus: no technological spaghetti of wires hanging from the ports of the system, it’s all in the air. But there’s a flip side to this coin.

Car infotainment Bluetooth connection: vulnerabilities

This year, thus far, two major studies investigating just how (un)safe a car’s Bluetooth connection is were published. The results of both were quite alarming, although not pointing to any immediate critical danger. At least, for now.

The PerfektBlue car Bluetooth safety study

This research was led by PCA Cyber Security. The team focused on the OpenSynergy BlueSDK stack, one of the most widely used Bluetooth implementations in automotive systems today, adopted by big carmakers like Ford, Mercedes-Benz, and the entire Volkswagen group.

Researchers uncovered major vulnerabilities (CVE-2024-45431 through CVE-2024-45434), each granting malicious actors the access needed to play around with the car and the data it stores, up to remote execution of code. A quote from the report:
“The PCA Security Assessment Team identified multiple vulnerabilities with low-to-critical severity, allowing an attacker to obtain 1-click Remote Code Execution (RCE) in the operating system of a device which utilizes the BlueSDK Bluetooth stack. In this level of access, an attacker could manipulate the system, escalate privileges and perform lateral movement to other components of the target product.”

In layman’s terms, among other things, the vulnerabilities enable attackers to do the following:

  • snatch contact lists and call history;
  • track car location;
  • hijack microphones for eavesdropping;
  • reach other parts of the car’s internal network (rare cases, but still there).

Fortunately, the steering wheel and the pedals could not be messed with through the said holes. Vendors started releasing patches in late 2024 and early 2025; if you’re driving a Mercedes, a Ford, or anything from the Volkswagen Aktiengesellschaft, do check for updates.

The BlueToolkit investigation

BlueToolkit is an open-source Bluetooth vulnerability testing framework made by System Security Group at ETH Zurich in cooperation with Cyber Defence Campus. Recently, the team behind the framework used their creation to test how safe Bluetooth is in 22 different car models, including Renault, BMW, Honda, Tesla, and more. All in all, they discovered 64 vulnerabilities.

The testing aimed to reveal weaknesses that allow remote code execution, denial of service, and data extraction. In the process, the researchers have also shown how attackers could steal contacts, eavesdrop, track vehicles, and, in some rare cases, even disrupt operation of the cars’ core functions.

Protecting car’s Bluetooth connection from attacks

Here are some measures you can take to safeguard yourself from unpleasant surprises in your car:

  • Don’t forget to disable Bluetooth when not using it. Simple yet effective: no connection — no hijacking. Especially when parking in a public lot.
  • Clean up the list of paired devices. Whatever looks suspicious has to be deleted. Better yet, delete everything and pair just what you need anew.
  • Make sure the connection is password-protected. In most cases it’s like that by default, but it never hurts to double-check. And make that password something more complicated than a straight 1 through 8 sequence.
  • Stay current with the updates. As mentioned above, carmakers did release patches in response to the investigation. Make sure the firmware of your car’s infotainment system is up-to-date.
S
Sahabi Abdullahi adamu
See

6 days ago Was it helpful?  yes(0) no(0) | Reply

Author's other posts

Spotlight: Flyoobe, a Windows 11 installation customization tool
Article
Spotlight: Flyoobe, a Windows 11 installation customization tool
Flyoobe is, arguably, one of the most popular Windows 11 installation customization tools out there. Learn what it can do, and how (everything's simple).
Is Affinity for iPad free now? It would seem so
Article
Is Affinity for iPad free now? It would seem so
For whatever reason, Affinity graphic suite for iPad is now free. Most likely, the situation will change by the end of the month, so grab it now.
Google introduces Recovery contacts, a way to claim back an account
Article
Google introduces Recovery contacts, a way to claim back an account
Google added one more account recovery method to the two already known. Learn how to set up the Recovery contact.
Don’t like Liquid Glass? Here are some ways to make it less… different
Article
Don’t like Liquid Glass? Here are some ways to make it less… different
Apple's Liquid Glass interface got mixed reactions. If you would rather have the old looks back, here are some tweaks.