With the rapid development of smart car technology, seamless connectivity between vehicles and various smart devices has become a major highlight in enhancing the driving experience. However, this also presents significant challenges to Bluetooth security. As the primary communication protocol between smart cars and devices such as smartphones, headphones, and entertainment systems, Bluetooth is vulnerable to hacker attacks, potentially leading to personal data leaks or remote control of vehicle systems. Therefore, strengthening the security of Bluetooth communication has become a critical issue in ensuring the safety of smart vehicles.

In this session, we will examine several recent Bluetooth vulnerabilities related to the automotive industry. We will begin by discussing implementation flaws in Bluetooth for several charging stations in 2024 as an entry point. Then, we will cover the Tesla combination attack in 2023, which resulted from implementation errors in a vendor SDK. Following that, we will explore vulnerabilities caused by implementation flaws in the Linux Bluetooth subsystem and undefined behaviors in the Bluetooth specification. Finally, we will conclude with key considerations for Bluetooth development and mitigation measures.