Volkswagen MIB3 Infotainment Bluetooth Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Bluetooth stack of the Volkswagen MIB3 infotainment system, specifically in the 'MIB3 OI MQB' model manufactured by Preh Car Connect GmbH. The issue arises from improper validation of user-supplied data, allowing an attacker to arbitrarily disconnect channels, causing disruptions for all connected clients. This vulnerability was confirmed on a Skoda Superb III vehicle with the MIB3 infotainment unit OEM part number 3V0035820, and it affects several other part numbers used in various Volkswagen and Skoda models.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition on the MIB3 infotainment system by causing arbitrary disconnections of Bluetooth channels, disrupting services for all connected devices.

Reproduction

The vulnerability can be reproduced by sending a disconnection request through the Bluetooth signaling channel. This can be done by pairing a device with the MIB3 infotainment system and then using the L2CAP protocol to disconnect a channel, causing a disruption in the Bluetooth connection.
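The advisory does not say which field goes unvalidated. The added example below (not code from the vendor or from the original advisory) assumes the relevant check is the one L2CAP expects for a Disconnection Request: the DCID and SCID must name a channel on the ACL link that carried the request. The `chan` structure, `check_disconn_req`, and the handles and CIDs in the table are hypothetical, constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define L2CAP_DISCONN_REQ 0x06  /* L2CAP signaling command code */

/* Hypothetical channel record: each channel belongs to exactly one ACL link. */
struct chan { uint16_t acl_handle, local_cid, remote_cid; int open; };

enum verdict { ACCEPT, REJECT_INVALID_CID, DROP, MALFORMED };

/* Constructed table: two paired phones, one dynamic channel each. */
struct chan sample_chans[] = {
    { 0x000B, 0x0040, 0x0050, 1 },   /* phone A */
    { 0x000C, 0x0041, 0x0060, 1 },   /* phone B */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* cmd = code(1) id(1) length(2) DCID(2) SCID(2), received on acl_handle. */
enum verdict check_disconn_req(uint16_t acl_handle, const uint8_t *cmd, size_t n,
                               struct chan *tbl, size_t ntbl)
{
    if (n < 8 || cmd[0] != L2CAP_DISCONN_REQ || le16(cmd + 2) != 4)
        return MALFORMED;
    uint16_t dcid = le16(cmd + 4);   /* our endpoint, as named by the peer */
    uint16_t scid = le16(cmd + 6);   /* the peer's own endpoint */
    for (size_t i = 0; i < ntbl; i++) {
        struct chan *c = &tbl[i];
        /* Only channels on the link that carried the request are candidates. */
        if (!c->open || c->acl_handle != acl_handle || c->local_cid != dcid)
            continue;
        if (c->remote_cid != scid)
            return DROP;             /* DCID matches, SCID does not: discard */
        c->open = 0;
        return ACCEPT;
    }
    return REJECT_INVALID_CID;       /* answer with Command Reject, invalid CID */
}

int main(void)
{
    /* Constructed request: phone A's link names phone B's channel. */
    const uint8_t cross[] = { 0x06, 0x01, 0x04, 0x00, 0x41, 0x00, 0x60, 0x00 };
    enum verdict v = check_disconn_req(0x000B, cross, sizeof cross, sample_chans, 2);
    printf("cross-link request: %s\n", v == REJECT_INVALID_CID ? "rejected" : "not rejected");
    return 0;
}
```

A stack that looks channels up by CID alone, without the link comparison, would close phone B's channel in the constructed case above.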

Added: Jun 28, 2025, 4:23 PM
Updated: Jun 28, 2025, 4:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.3
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.