Windows

In-car Bluetooth: the hidden dangers and how to protect yourself

In-car Bluetooth is a common thing nowadays; a couple recent studies revealed it is not really safe. Read on to learn the details and how to protect yourself.
J
  • Jim Richards,
  • 4 hours ago
  • Editor Informer Technologies, Inc.

In-car Bluetooth: the hidden dangers and how to protect yourself In-car Bluetooth: the hidden dangers and how to protect yourself

In the early 20th century, cars stopped being something exotic. Yes, they were still quite expensive — not that they aren’t today — but, overall, the introduction of the assembly line, which enabled mass production of vehicles, pushed the costs down and saturated the market.

Today, cars are truly ubiquitous. Some societies, like that of the USA, are unimaginable without them. Pretty soon after becoming a more or less affordable product, cars acquired entertainment systems. The first one, a car radio, was installed in a Chevrolet model in 1922, and in 1930, Motorola started making 5T71, the first third-party audio set designed specifically for cars.

Today, car infotainment systems double as navigation devices, pacifiers for children (cartoons!), communication sets, and security rigs. In most cases, their connectivity is enabled by Bluetooth, a tech that counts dozens upon dozens of applications. This is a plus: no technological spaghetti of wires hanging from the ports of the system, it’s all in the air. But there’s a flip side to this coin.

Car infotainment Bluetooth connection: vulnerabilities

This year, thus far, two major studies investigating just how (un)safe a car’s Bluetooth connection is were published. The results of both were quite alarming, although not pointing to any immediate critical danger. At least, for now.

The PerfektBlue car Bluetooth safety study

This research was led by PCA Cyber Security. The team focused on the OpenSynergy BlueSDK stack, one of the most widely used Bluetooth implementations in automotive systems today, adopted by big carmakers like Ford, Mercedes-Benz, and the entire Volkswagen group.

Researchers uncovered major vulnerabilities (CVE-2024-45431 through CVE-2024-45434), each granting malicious actors the access needed to play around with the car and the data it stores, up to remote execution of code. A quote from the report:
“The PCA Security Assessment Team identified multiple vulnerabilities with low-to-critical severity, allowing an attacker to obtain 1-click Remote Code Execution (RCE) in the operating system of a device which utilizes the BlueSDK Bluetooth stack. In this level of access, an attacker could manipulate the system, escalate privileges and perform lateral movement to other components of the target product.”

In layman’s terms, among other things, the vulnerabilities enable attackers to do the following:

  • snatch contact lists and call history;
  • track car location;
  • hijack microphones for eavesdropping;
  • reach other parts of the car’s internal network (rare cases, but still there).

Fortunately, the steering wheel and the pedals could not be messed with through the said holes. Vendors started releasing patches in late 2024 and early 2025; if you’re driving a Mercedes, a Ford, or anything from the Volkswagen Aktiengesellschaft, do check for updates.

The BlueToolkit investigation

BlueToolkit is an open-source Bluetooth vulnerability testing framework made by System Security Group at ETH Zurich in cooperation with Cyber Defence Campus. Recently, the team behind the framework used their creation to test how safe Bluetooth is in 22 different car models, including Renault, BMW, Honda, Tesla, and more. All in all, they discovered 64 vulnerabilities.

The testing aimed to reveal weaknesses that allow remote code execution, denial of service, and data extraction. In the process, the researchers have also shown how attackers could steal contacts, eavesdrop, track vehicles, and, in some rare cases, even disrupt operation of the cars’ core functions.

Protecting car’s Bluetooth connection from attacks

Here are some measures you can take to safeguard yourself from unpleasant surprises in your car:

  • Don’t forget to disable Bluetooth when not using it. Simple yet effective: no connection — no hijacking. Especially when parking in a public lot.
  • Clean up the list of paired devices. Whatever looks suspicious has to be deleted. Better yet, delete everything and pair just what you need anew.
  • Make sure the connection is password-protected. In most cases it’s like that by default, but it never hurts to double-check. And make that password something more complicated than a straight 1 through 8 sequence.
  • Stay current with the updates. As mentioned above, carmakers did release patches in response to the investigation. Make sure the firmware of your car’s infotainment system is up-to-date.

Author's other posts

macOS 26 Tahoe: the Shortcuts app improvements
Article
macOS 26 Tahoe: the Shortcuts app improvements
In macOS, Shortcuts has been around since 2021. It's a powerful automation tool that, when you really start using it, simplifies a ton of things. In Tahoe, it was became better.
Conversation branching and similar tools in popular AIs
Article
Conversation branching and similar tools in popular AIs
Large language models (LLMs), or AIs, can accelerate topic research by several orders of magnitude. Conversation branching makes the process even more flexible.
The new M5 iPad Pro unpacked by a YouTuber before official unveiling
Article
The new M5 iPad Pro unpacked by a YouTuber before official unveiling
The new M5 iPad Pro slips into the spotlight early, thanks to Russian tech YouTuber Wylsacom.
Windows 10 Extended Security Updates (ESU) program explained
Article
Windows 10 Extended Security Updates (ESU) program explained
The Windows 10 Extended Security Updates program has already gone through some transformations, although it hasn't yet started. Here's what to know.