Usenix non-profit researchers have discovered 128 vulnerabilities in the Bluetooth systems used in modern cars. Discovery has become possible through a new toolkit, a Bluetoolkit frame, which was presented in 2025.
This tool is specially designed for automated safety testing of Bluetooth Classic protocol. Bluetoolkit is highly flexible. It allows you to add new test scenarios through YAML configuration files, compatible with a wide range of equipment (including ESP32 and Nexus 5) and summarizes the operation of famous collections like Braktooth and Blueborne. The main feature is the possibility of wireless connection tests through wireless communication, which allows security analysis of info-cell systems without physical access to the internal components of the car.
Researchers checked models of 14 large car makers, which were produced between 2015-2023. The analysis has discovered 128 security flaws. In particular, 21 design drawings of the protocols and 46 defects related to the inappropriate implementation of these protocols were found.
The report describes four categories of possible attacks. The most important thing is the attack on the user account. Used in conjunction with the "Man Average" attacks, attackers can catch SMS messages or hands-transferred data from the HFP, topass the two-body identification and receive full control of accounts.
Among the test brands, Skoda has shown the least vulnerabilities. In 2023, ENYAQ did not show a shortcoming in 30 tests. The Tesla Model Y 2023 has shown two flaws. The Audi A5 of 2020 and E-Tron had four and six flaws respectively.
The largest number of vulnerabilities was recorded in the following models: 2021 Renault Megane (13), Toyota Corolla (9) and BMW X2 (10).
Translation of: Euromedia24.com
