Mazda's Mazda MZD Connect-fitted next-generation Mazda cars can be tampered with by a simple USB flash drive.
The hack is possible thanks to a series of bugs that became known about three years ago. According to Bleeping Computer, the issue was discovered and tested by users of the Mazda3Revolution forum about three years ago. Since then, Mazda owners have been using these hacks to customize their entertainment system, install new apps, and more.
Application engineer Jay Turla developed the mazda_getInfo application, a project that automates Mazda's inertia.
"Ήθελα απλώς να ελέγξω ποιοι ήταν οι πιθανοί φορείς επίθεσης για το αυτοκίνητό μου και να το δοκιμάσω στο αυτοκίνητό μου", δήλωσε ο Turla στο Bleeping Computer.
The project is open-sourced and allows anyone with a USB flash drive to run malicious software code in a Mazda car.
"Δεν χρειάζεται αλληλεπίδραση χρηστών, απλά πρέπει να τοποθετήσετε τη μονάδα USB στη θύρα USB του αυτοκινήτου σας. Φανταστείτε μια λειτουργία αυτόματης αναπαραγωγής στα Windows που εκτελεί απευθείας ένα script", ανέφερε ο ερευνητής.
However, before running the script, the car must be in an accessory state or the engine running.
Last month, Mazda released a firmware update (59.00.502) that fixes the themethem in MZD Connect. However, if your car has not been updated, it is still open to attack.
Mazda, of course, defends itself, saying that Mazda Connect can only control limited vehicle feature settings, such as keyless entry. key, what information is displayed in Active Driving, etc.
"Η παραποίηση σε οποιαδήποτε από αυτά τα χαρακτηριστικά δεν αποκτά έλεγχο του συστήματος διεύθυνσης, επιτάχυνσης ή φρεναρίσματος του οχήματος", επισημαίνει η εταιρεία.
The models affected are the CX-3, CX-5, CX-7, CX-9, Mazda2, Mazda3, Mazda6 and Mazda MX-5.
https://github.com/shipcod3/mazda_getInfo
