CarBlues – Bluetooth Vehicle Hack Exploit Affects Millions Of Vehicles Exposing Users’ PII

As discovered recently, millions of vehicles are at risk of being hacked through a Bluetooth exploit. Reportedly, the vehicle hack, named CarBlues, threatens the security of vehicles, as it allows a potential attacker to access users’ personally identifiable information (PII) without much effort.

CarBlues Bluetooth Vehicle Hack Exploit

Privacy4Cars – the firm behind a mobile app meant for clearing personal data from vehicles – has discovered a new vehicle hack. As revealed, millions of vehicles are vulnerable to a Bluetooth exploit named CarBlues. The exploit works over the Bluetooth protocol. It can spread by leveraging vulnerabilities in infotainment systems installed in various vehicles. The firm has disclosed the news in a blog post on its website.

According to their report, the attack method does not require any significant technical expertise. Rather, already available hardware and software would suffice for a successful attack within minutes. Explaining the discovery further, they state:

“As a result of these findings, it is believed that users across the globe who have synced a phone to a modern vehicle may have had their privacy threatened. It is estimated that tens of millions of vehicles in circulation are affected worldwide, with that number continuing to rise into the millions as more vehicles are evaluated.”

The exploit may allow an attacker to gain access to the users’ call logs, stored contacts, text logs, and occasionally, full text messages, without alerting the victims to their actions.

Recommended Mitigation

The vehicle privacy and cybersecurity advocate and founder of Privacy4Cars, Andrea Amico, allegedly discovered this exploit during the development of the Privacy4Cars app. The app protects users’ privacy by erasing their PII from vehicles.

After this discovery, Amico promptly reported it to the Automotive Information Sharing and Analysis Center (Auto-ISAC) and worked in close collaboration with them to spread awareness among its affected members. Consequently, as reported, at least two of the affected manufacturers have upgraded their systems to become immune to CarBlues with their 2019 models.

For those still vulnerable to CarBlues, the researcher recommends deleting personal data from all vehicle infotainment systems.

“Vehicle users should consider deleting personal data from any and all vehicle infotainment systems before allowing anyone access to their vehicle. Industry players should consider instituting a policy to protect consumer data, either by helping customers delete their personal information or by performing the operation themselves – similarly to how telecom carriers handle returned smartphones.”
