Next-generation Mazda cars fitted with MZD Connect can be tampered with using a simple USB flash drive.
The hack is possible thanks to a number of errors that became known about three years ago. According to Bleeping Computer, the problem was discovered and tested by users of the Mazda3Revolution forum about three years ago. Since then, Mazda owners have been using these hacks to customize their entertainment system, install new apps, and more.
Application security engineer Jay Turla developed the mazda_getInfo application, a project that automates these Mazda car hacks.
"I just wanted to check who the potential attackers were on my car and test it on my car," Turla told Bleeping Computer.
The project is open source and allows anyone with a USB flash drive to run malicious code on a Mazda car.
"No user interaction is required, you just need to insert the USB drive into your car's USB port. Imagine an autoplay feature on Windows that runs a script directly," the researcher said.
However, before the script can run, the car must be in accessory mode or have the engine running.
Last month, Mazda released a firmware update (59.00.502) that fixes the issues in MZD Connect. However, if your car is not up to date, it is still open to attacks.
Mazda naturally defends itself by saying that Mazda Connect can only control limited vehicle features such as keyless entry, what information is displayed on Active Driving,
"Falsification of any of these characteristics does not give control of the vehicle's steering, acceleration or braking system," the company said.
The models affected are the CX-3, CX-5, CX-7, CX-9, Mazda2, Mazda3, Mazda6 and Mazda MX-5.
https://github.com/shipcod3/mazda_getInfo