Mazda's Mazda MZD Connect-fitted next-generation Mazda cars can be tampered with by a simple USB flash drive.
Hack is possible thanks to a series of bugs that have been known about three years ago. According to Bleeping Computer, the problem was discovered and tested by users of the forum Mazda3Revolution about three years ago. Since then, Mazda owners have been using these hacks to customize their entertainment system, install new apps, and more.
Application security engineer Jay Turla developed it application mazda_getInfo, a project that automates Mazda car idles.
"I just wanted to check who the potential attackers were on my car and test it on my car," Turla told Bleeping Computer.
The project is open-sourced and allows anyone with one flash USB να εκτελέσει κακόβουλο code in a Mazda car.
"You do not need user interaction, you just need to insert the USB drive into the USB port of your car. "Imagine an autoplay function in Windows that executes a script directly," said the researcher.
However, before running the script, the car must be in an accessory state or the engine running.
Last month, Mazda released a firmware updatesoftware (59.00.502) which fixes the issues in MZD Connect. However, if your car has not been updated, it is still open to attack.
Mazda naturally defends herself by saying that Mazda Connect can only check limited vehicle features such as keyless entry, what information is displayed on Active Driving,
"Falsification of any of these characteristics does not give control of the vehicle steering, acceleration or braking system," she said. company.
The models affected are the CX-3, CX-5, CX-7, CX-9, Mazda2, Mazda3, Mazda6 and Mazda MX-5.
https://github.com/shipcod3/mazda_getInfo
