Feed aggregator

Researchers uncover a chain of flaws in a widely used automotive Bluetooth stack, exposing infotainment systems to remote compromise

In July 2025, cybersecurity researchers disclosed PerfektBlue, a set of four vulnerabilities (CVE-2024-45431 to -45434) found in OpenSynergy’s BlueSDK, a Bluetooth stack widely integrated into modern infotainment systems. The flaws affect millions of vehicles across brands including Volkswagen, Mercedes-Benz, and Skoda, enabling attackers to execute malicious code over Bluetooth Classic connections.

Attack Path and Impact

PerfektBlue can only be exploited at close range, requiring the attacker to be within 5-7 meters of a target vehicle and establish Bluetooth pairing. This limits the possibility of large-scale exploitation; however, a successful attack would open the IVI system to the hacker(s), leaking data such as:

• GPS data & Vehicle location
• Listening through in-car microphones
• Contact lists & communication logs

Safety-critical functions like braking and steering remain segmented. Yet, as past incidents (e.g., the 2015 Jeep Cherokee hack) have shown, weak network isolation could allow lateral movement if additional vulnerabilities exist.

Root Causes in Bluetooth Stack Design

PerfektBlue includes one memory corruption flaw and three logic-level vulnerabilities stemming from protocol mismanagement. Combined, they create a pathway to remote code execution once pairing succeeds.

The flaws illustrate ongoing issues in Bluetooth stack security:

• Multi-layer protocols such as L2CAP, RFCOMM, and AVRCP handle vast amounts of untrusted data.
• Implementations in C heighten memory safety risks.
• The wireless and real-time nature of Bluetooth complicates fuzz testing, letting subtle bugs persist across generations.

Delays in Fixing and Deployment

The vulnerabilities were first reported in May 2024, and a patch was issued by September 2024. Yet disclosure did not occur until July 2025, largely because automakers lagged in deploying updates.

Challenges included:

• Complex supply chains with limited visibility on software components.
• No software bills of materials (SBOMs)-thus OEMs were not aware that they even depended on BlueSDK.
• Highly manual service updates rather than OTA.

Wider Implications and Next Actions

As long as vehicle safety systems remain isolated, infotainment are not benign to breaches. Attackers could track drivers, eavesdrop on conversations, and steal sensitive data, or in poor circumstances, pivot to other systems if the segmentation is weak.

As a countermeasure, experts advised the automakers to:

• Consider Bluetooth stacks as high-value attack surfaces.
• Standardize the use of SBOMs so that the third-party software can be identified and tracked.
• Give priority to OTA update pipelines to reduce patch deployment delays.
• Integrate protocol fuzzing and binary analysis in the development lifecycles.

PerfektBlue is a reminder that connected vehicles remain vulnerable to wireless exploits. Without stronger defenses and adoption of patches faster, the automotive industry is repeating the same mistakes of past cybersecurity lapses.

(This article has been adapted and modified from content on Keysight Technologies.)

The post PerfektBlue: Bluetooth Vulnerabilities Put Millions of Vehicles at Risk appeared first on ELE Times.

Devices Offer Y1 Rating of 500 VAC and 1500 VDC, High Capacitance to 4.7 nF, and High Humidity Robustness

Vishay Intertechnology, Inc. introduced a new series of Automotive Grade AC line rated ceramic disc safety capacitors that are the industry’s first with a Y1 rating to be offered in a surface-mount casing. Combining their Y1 rating of 500 VAC and 1500 VDC with high capacitance to 4.7 nF, the Vishay BCcomponents SMDY1 Automotive Series devices are designed to provide EMI / RFI suppression and filtering in harsh, high humidity environments.

AEC-Q200 qualified with PPAP available, the capacitors released, will be used in on-board chargers (OBC), traction inverters, battery management systems (BMS), e-compressors, and AC/DC converters in electric (EV), hybrid electric (HEV), and plug-in hybrid electric (PHEV) vehicles. For these applications, the devices offer high humidity resistance with a Class IIB humidity grade (in accordance with IEC60384-14 annex I) and can withstand the 85 / 85 / 1000 h test.

Allowing for surface-mount assembly with a reflow soldering process, SMDY1 Automotive Series capacitors reduce production costs. Unlike leaded components, the devices offer a low, flat profile on the PCB to enable flat casings or backside PCB mounting without the clearance space required by through-hole capacitors.

RoHS-compliant and halogen-free, the components consist of a copper-plated ceramic disc and feature encapsulation made of flame-resistant epoxy resin in accordance with UL 94 V-0. The devices are available in two case sizes: the C case with a creepage distance of 10 mm and the D case with a creepage distance of 14.5 mm.

The post Vishay Intertechnology Launches Industry’s First Automotive Grade Ceramic Capacitors With Y1 Rating in SMD Casing appeared first on ELE Times.