Archive: https://archive.today/Z5Xsg
From the post:
>The researchers conducted an analysis of the BlueSDK Bluetooth framework developed by OpenSynergy and found several vulnerabilities, including ones that enable remote code execution, bypassing security mechanisms, and information leaks.
They demonstrated how some of these flaws could be chained in what they named a PerfektBlue attack to remotely hack into a car’s infotainment system. From there the attacker can track the vehicle’s location, record audio from inside the car, and obtain the victim’s phonebook data.
The attacker may also be able to move laterally to other systems and potentially take control of functions such as the steering, horn and wipers. While this has not been demonstrated, previous research showed that it is possible for a hacker to move from a car’s infotainment to more critical systems.
Archive: https://archive.today/Z5Xsg
From the post:
>>The researchers conducted an analysis of the BlueSDK Bluetooth framework developed by OpenSynergy and found several vulnerabilities, including ones that enable remote code execution, bypassing security mechanisms, and information leaks.
They demonstrated how some of these flaws could be chained in what they named a PerfektBlue attack to remotely hack into a car’s infotainment system. From there the attacker can track the vehicle’s location, record audio from inside the car, and obtain the victim’s phonebook data.
The attacker may also be able to move laterally to other systems and potentially take control of functions such as the steering, horn and wipers. While this has not been demonstrated, previous research showed that it is possible for a hacker to move from a car’s infotainment to more critical systems.
(post is archived)