Using Bluetooth in the car could expose us to cyber dangers like PerfektBlue: how to avoid them

Modern cars are sometimes compared to computers on wheels, equipped with countless technologies which, while improving our daily driving comfort, inevitably open the way to potential vulnerabilities. The Bluetooth in the car, which we normally use to listen to music or make hands-free calls, for example, can become a potential access point for cybercriminals. Last year a group of researchers from PCA Cyber Security identified a series of dangerous flaws, grouped under the technical name “PerfektBlue”, which heavily affect the Bluetooth management software installed on millions of vehicles around the world. By exploiting these specific vulnerabilities, an attacker positioned a few meters from our car could steal our personal data, listen to our private conversations and, in cases linked to less secure internal network architectures, attempt to access critical functions of the vehicle.

Don’t panic: to carry out intrusions like the one just described, our involuntary approval on the screen is often required. To defend against threats like this, we need to promptly update the car’s software through the dealer, turn off Bluetooth when we’re not using it, set it to stealth mode, and pay close attention to any unexpected pairing requests that may appear on our displays.

One of the most serious Bluetooth flaws

PCA Cyber Security discovered four specific vulnerabilities within the Blue SDK, software developed by OpenSynergy and used by numerous car manufacturers to manage Bluetooth communications; according to some estimates, it is installed on around 400 million cars (data updated to March 2026). The identified flaws allow a potential attacker to execute unauthorized code directly within the infotainment, i.e. the car’s central multimedia system that manages the radio, navigator, telephone book, etc. For the intrusion to be successful, the criminal must be within range of the car’s Bluetooth signal, usually around ten metres. The attacker must then be able to connect his device to our car using the AVRCP profile, a standard protocol used to remotely control the playback of audio and video files.

Once this connection is established, the vulnerabilities cause a memory error in the operating system, giving the attacker access privileges reserved for official software. At this point, the attacker could download the phone book, track our coordinates or activate the cockpit microphones to listen to us. The most discussed IT risk, however, concerns the so-called “lateral movement”, a hacking technique which consists in starting from a compromised system to infiltrate more defended sectors of the internal network. In automobiles, the ultimate target of this shift is the CAN bus (Controller Area Network). This is the central nervous system of the vehicle, a communication protocol that allows the various control units to communicate. If a hacker could break into this protocol from the multimedia screen, he could theoretically send spoofed messages to manipulate the brakes, steering or engine.

Although the possibility of manipulating cars by hiding small malicious devices physically connected to the car’s cables has been demonstrated in the past, the industry now adopts strict countermeasures. Some manufacturers affected by the Bluetooth problem have clarified that their multimedia systems are physically isolated from the vehicle dynamics control units, blocking any interference with driving functions. Furthermore, to trigger the cyber trap over the air, a direct interaction is needed: we must mistakenly accept a pairing request from an unknown device that appears on the display. Many modern systems automatically reject any external connection attempt if we have not first manually activated the search mode, making life extremely complex for cybercriminals (and thank goodness!).

How to defend yourself from Bluetooth attacks in your car

To reduce the possible risks associated with using Bluetooth in the car, you need to follow some simple common sense rules. We list them below.

  • Update your car’s firmware: PerfektBlue was discovered in July 2025. If you have never updated your car’s software since then, contact your nearest dealership to check the availability of a corrective update.
  • Deactivate Bluetooth when not in use: if you are parked in a very crowded area, where the risk of exposure to external attacks is potentially higher, you may decide to deactivate the car’s Bluetooth connection and set the connectivity to invisible mode.
  • Unpair your device when you rent a car: if you were to rent a car (or sell the one you have), always remember to unpair the smartphone you paired and delete any contacts imported from your phone’s address book.