You Can Hack Some Mazda Cars With a USB Flash Drive

An anonymous reader writes: "Mazda cars with next-gen Mazda MZD Connect infotainment systems can be hacked just by plugging in a USB flash drive into their dashboard, thanks to a series of bugs that have been known for at least three years," reports Bleeping Computer. "The issues have been discovered and explored by the users of the Mazda3Revolution forum back in May 2014. Since then, the Mazda car owner community has been using these 'hacks' to customize their cars' infotainment system to tweak settings and install new apps. One of the most well-designed tools is MZD-AIO-TI (MZD All In One Tweaks Installer)." Recently, a security researcher working for Bugcrowd has put together a GitHub repository that automates the exploitation of these bugs. The researcher says an attacker can copy the code of his GitHub repo on a USB flash drive, add malicious scripts and carry out attacks on Mazda cars. Mazda said the issues can't be exploited to break out of the infotainment system to other car components, but researchers disagreed with the company on Twitter. In the meantime, the car maker has finally plugged the bugs via a firmware update released two weeks ago.

Plugged the bugs?

[MangoCats]

Or, blocked the feature? Isn't this "bug" equivalent to shipping the car with an "unlocked" infotainment device?

Re:

[someone1234]

Or a jobless security researcher who needs some fame and doesn't care about the 'hackers' who just used their cars for more fun.

Re:

[Anonymous Coward]

This is the essence of "computer security" "research": Make scary noises in hopes it gets you consulting monies and damn the consequences. This constant scaremongering has helped bring into being things like laws that criminalise "computer hacking" without defining what that might be and judges that conclude that calling yourself a "hacker" means you give up your fourth amendment rights.

I'm now waiting for the hammer to fall on the hobbyists tinkerers because by calling this "hacking" the tinkerers are now

Enable features

[CanEHdian]

This is of course great stuff if it allows you to enable features that are normally locked out unless you paid handsomely for the "upgrade". As an example, DVD-Burners are sometimes identical to their LightScribe-brethern except for the firmware. Flash the correct firmware and poof! Your cheap OEM drive is now a branded Retail unit with everything unlocked.

wtf

[Anonymous Coward]

ummm nearly every brand and model has forums devoted to hacking/changing/upgrading the infotainment system, why the fuck is this even news?

Well, I feel better

[Snotnose]

Knowing that newbies to the security scene are pretty much clueless and marketing is driving things.

Re:

[phantomfive]

Every computer can be hacked by inserting a USB 'drive.' USB is not secure, don't let anything untrusted near it.

Other than that, I share your concern.

This is a repeat from the mid 70's to early 90's

[Snotnose]

The gas crisis hit. Cars suddenly had to hit smog standards. At the same time mandatory seat belt laws came into effect. The result was poorly performing cars with pain in the ass seatbelt restraints. I had an '87 Ford Escort, with a shoulder harness that slid along a track. It sucked. As did the car. In every possible way. As in, replacing all light bulbs within 2 years. Rear seat floor rusting out after 4 years (Just past warranty) (In San Diego, no salted roads). Sold it at 80k miles cuz of fan belt squeal. Caused by a crankshaft pulley way off center that would take an engine rebuild to fix.

Back then they shaved corners off everything they could, hence shitty cars. Now, they're using shitty firmware that is going to make the cars seriously avoidable for a good 10 years, until they wrap they're hide bound necks around software and security.

/ That '87 Ford Escort?
// biggest pile of shit I've ever driven
/// I'll probably never buy another American car again (I'm 59 in 3 weeks, YMMV).

Re:

[swb]

Uhh, isn't San Diego on the ocean, that big body of water filled with salt? Might the salt air have added to your corrosion problems?

Other than that, I agree that Detroit had a lot of problems in the 1980s. Labor problems, economic problems, probably engineering challenges totally overhauling entire product lines to try to compete with smaller and more fuel efficient foreign models.

What's funny is that I would have thought Ford would have been able to adapt easier because of their extensive experience in

Re:

[Dogtanian]

I know at some point in the 1980s they were actually selling some European models in the US.

From what I've read, the original version of the North American Escort [wikipedia.org] (presumably the one referred to above) was *supposed* to be based on the 1980 third-generation European Escort, but in practice ended up having little in common with it beyond a vaguely similar shape.

(This was apparently also the case with the Chrysler Horizon [wikipedia.org]; the Dodge Omni and Plymouth Horizon apparently shared little with their European counterpart).

Re:

[Dogtanian]

The result was poorly performing cars with pain in the ass seatbelt restraints.

Those must have been really badly fitting seatbelts if they hurt you there.

Re:

[danomac]

He forgot to mention the seats had springs poking through the upholstery. So when the seat belt auto-tightened on the track, it literally became a pain in the ass!

Malicious, maybe - but more like jailbreaking

[djrobxx]

The "all in one" tool they refer to is very much like a jailbreaking tool. It lets you pick from a list of popular hacks, and makes it easy to install.

One of the more interesting hacks available is enabling Android Auto support. Mazda is using a system called OpenCar.

These "exploits" that get you access are really simple ones. Mazda obviously didn't consider them to be of big concern, they've been around for quite a while. Then of course the security zealots come in and ruin all the fun. :)

Will be m

"Hacked" mine

[Anonymous Coward]

I followed forum instructions and got a USB network adapter. Then SSH'd in as root and turned off a few annoyances. I thought I was cool ;)

That's why I'm sticking with my 1971 Datsun 240Z

[halfdan the black]

It's an absolute blast to drive, those triple dual throat carburetors just freaking scream, it actually feels alive. Unlike to soulless crap that's sold today that's all larded up with electronics crap.

Re:

[TechyImmigrant]

It's an absolute blast to drive, those triple dual throat carburetors just freaking scream, it actually feels alive. Unlike to soulless crap that's sold today that's all larded up with electronics crap.

I have a younger sibling of that car. The 350Z convertible. It's also a blast to drive and doesn't appear to be weighed down with electronics.

Re:

[halfdan the black]

The 350z is a great car, everyone is saying that it's destined to become a future classic, unlike the 370. The 350 has nice, clean, conservative lines as opposed to the tacky, gaudy 370. Nissan really started hitting the crack coccaine prety hard in their styling dept around 2009.

I'm just hoping Nissan will get over their current styling fugue state and get back to something decent before they roll out the next Z car.

Re:

[TechyImmigrant]

FWIW, Mazda went off the rails with the current MX5 styling too. I've had two MX5s (the pop up headlights one and the one after that) and they were both looked great. The high price and the fussy exterior steered me away from the MX5 this time around.

My Z is bright orange, which was a significant factor in my choice. Convertible of course.

Mazda is not GPL compliant

[Anonymous Coward]

Their infotainment center is full of GPL code and Mazda is not in compliance: https://mzdopensource.wordpress.com/

(Their infotainment contains a gstreamer, busybox, modified Linux kernel, and probably other GPL software.)

Is it really hacking?

[Spy Handler]

I mean, if you have to break the window of the car or jimmy the door open, and then physically insert a flash drive into the USB port on the dashboard, that's a pretty loose definition of "hack".

If you were willing to go this far and risk burglary rap, might as well just drive off with the car and sell it to the chop shop rather than simply leaving a malware on the infotainment system.

Re:

[Calydor]

If you can use this to turn off tracking systems like OnStar, it's actually a pretty big deal. There was some disagreement of whether you could break out of the infotainment system to the rest of the car's systems.

And surveillance. Imagine if you didn't have to plant a microphone somewhere in the car, but could actually install a recording app in the car's own systems.

Re:

[sunderland56]

If I break into a car, I can:

  - possibly attack it via USB; limited ability to hack, on limited car makes and models

  - plug a laptop into the car's OBD port and have complete, total access to the entire car, on every car on the planet

Why would I be concerned about USB, when you can reprogram all of the car's computers via OBD?

Re:

[Zero__Kelvin]

OBD access doesn't afford access to the entire car, at least in almost all cases. It provides access to the ODB CAN Controller, and sometimes [wikipedia.org] but not always more of the system. The fact that you believe you automagically have access to the entire car tells me you really can't do what you claim.

Re:

[sunderland56]

The manufacturers I'm familiar with allow firmware updates over OBD2. So if you can't get access to something with stock firmware, flash a new version that does allow it.

(Assuming that there is connectivity in the first place; if e.g. the entertainment system only connects to 12V and ground, there won't be a remote hack).

Re:

[Zero__Kelvin]

Initially you claimed on every car on the planet, but now you are limiting the field quite narrowly aren't you? You would have to have the source and capabilities to build a modified firmware as well, narrowing the field to almost zero. Suddenly your claim that you can plug a laptop into the car's OBD port and have complete, total access to the entire car, on every car on the planet is quite absurd indeed, isn't it?

Re:

[sunderland56]

This is a geek site. I didn't think I needed to add the disclaimer "with the right kind of knowledge".

You need the right kind of knowledge to do anything with the USB port as well. Just sticking in a USB stick with "ABBA's Greatest Hits" on it won't work. (Well, maybe in a Volvo.....)

Re:

[Zero__Kelvin]

Well, you could just use your key. No need to break windows or jimmy locks. Guessing you don't know what the term "hack" means.

That probably isn't actually a security problem...

[Casandro]

... as if you need to have physical access to the inside of a car in order to change its firmware, that's a much more intrusive vector than just cutting the brake lines.

People stop claiming that normal intended features are security critical bugs. Locking people out of the computers they bought is not fixing anything. In fact with routers, blocking OpenWRT usually means that your users won't be able to make their system more secure.

FORD equivalent by a Russian dev...

[ELCouz]

Works on Focus, C-Max and Escape
http://ford.xtlt.ru/FoCCCus/ [ford.xtlt.ru]
http://www.focusst.org/forum/f... [focusst.org]

Re:

[AmiMoJo]

Actually, there are CAN bus firewalls. For example, the diagnostic port is usually firewalled to be mostly read only.

Qstn: Where can I find similar tweaks 4 my Toyota?

[BcNexus]

I must have poor google-fu or something. I've searched Google and Reddit off and on but haven't found anything useful (searched my infotainment unit model number, browsed forums and posts, searched for "tweaks" and "hacking" but didn't find anything useful).

I have a 2014 Corolla with a non-GPS, non-streaming-app, touchscreen infotainment system.

Can it run Doom?

[keith_nt4]

That's all I want to know. Because a Porsche 911 definitely can... [youtu.be]

Protect!

[Dishevel]

Need to protect people from replacing shitt GPS Navigators with Google Maps.