Exploiting Bluetooth from your car to the bank account$$
Yso, Martin Strohmeier
DEF CON 32 Creator Stage · Day 1 · Creator Stage
This talk, presented by Martin Strohmeier on behalf of his student Yso (Vladislav), delves into the pervasive and often overlooked security vulnerabilities inherent in **Bluetooth Classic** implementations within modern vehicles. The research, primarily conducted by Yso for his master's thesis at ETH Zurich, exposes a significant gap in automotive security: despite the known insecurity of older Bluetooth standards, car manufacturers continue to deploy vehicles with outdated and vulnerable Bluetooth stacks. The speakers highlight how these vulnerabilities can be exploited for purposes ranging from denial-of-service attacks to lateral movement within a car's complex systems, and even the interception of two-factor authentication (2FA) tokens.