July 10, 2025 By Bill Toulas
Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda.
OpenSynergy confirmed the flaws last year in June and released patches to customers in September 2024 but many automakers have yet to push the corrective firmware updates. At least one major OEM learned only recently about the security risks.
The security issues can be chained together into an exploit that researchers call a PerfektBlue attack and can be delivered over-the-air by an attacker, requiring "at most 1-click from a user."
Although OpenSynergy's BlueSDK is widely used in the automotive industry, vendors from other sectors also use it.
