You can hack Mazda cars with USB Flash Drive

This issue was discovered and revealed by users on the Mazda3Revolutions forum in May 2014. Since then, the Mazda user community has used this hack to customize the vehicle's infotainment system and install applications. new use. One of the great tools is MZD-AIO-TI (MZD All In One Tweaks Installer). The knowledge shared through these projects has become the foundation for mazda_getInfo, a project of Bugcrowd Jay Turla application security engineer, Mazda auto hack tool.

Research because of curiosity

Turla said he started this project after buying a Mazda car. "I just want to see if it is possible for a car to be hacked. This is just a personal project because I was excited about the trip to Car Hacking Village at DEF CON 23 in Vegas last year. I also have some friends at The Philippines is currently studying automotive hacking, "Turla said.

Mazda_getInfo of Turla, provided as open source code on GitHub last week, allows anyone to copy the script on their USB, insert into the car's control panel and practice malicious code on the MZD Connect firmware of the car.

Users can use USB to hack Mazda cars

During the test, Turla only tried simple attacks such as text printing or parodying control voices. Because MZD Connect is a NIX-based system, anyone can create and execute scripts for other types of attacks. Turla said that his scenario was perfect to re-enable SSH support on the MZ Connect System after the feature was removed during the previous firmware update.

Automatic attack by USB

The attack process will automatically take place after the user has inserted the USB into the control panel. "No need to interact with users, you just need to insert the USB into the USB port on the car. Imagine the spontaneous feature on Windows when automatically executing the script".

However, this type of attack also has weaknesses. The vehicle must be in Accessory Mode or the engine must be running before the code is executed. This means you cannot use this method to start or control the vehicle. "You can do it but I don't have a PoC," Turla said. In addition, hackers can create botnets for Mazda cars. Turla also said one of his managers believed that the error could be used to install the RAT (Remote Access Trojans) on the vehicle.

Other researchers looking at MZD Connect's firmware also share similar ideas. "Its CMU (Car Multimedia Unit) is not full of remote execution errors," security researcher Aris Adamantiadis wrote on Twitter, "If you connect to WiFi, you can access (read only) CAN BUS through via DBUS network ".

USB attack error has been fixed in the last update

These things can happen because the error on the car allows users to execute unverified code on the vehicle's information system, and in terms of information security means "anything". If the attacker has the skills and knowledge to write the appropriate code.

According to the MZF-AIO-TI project, the error of executing the USB code was fixed on the firmware MZD Connect version 59.00.502 released last month. Un-updated cars can still be attacked even though there have been no reports of abuse of the bug, except for refining the dashboard of the vehicle infotainment system.

Contacting Bleeping Computer, Mazda dispels all worries that this problem can be used to endanger users.

"On Mazda cars, the functions that Mazda Connect controls are very limited and cannot be accessed remotely by Wi-Fi, meaning that the risk of hacking with USB will only cause minor or minor losses. On the car, The Mazda Connect has limited control settings such as remote control lock, which information will show up on Active Driving Display, when the car responds to lane insertion . Interfering with features This also does not help gain control of the direction, brake or vehicle speed control ".

Below is a list of MZD Connect system models

1. Mazda CX-3
2. Mazda CX-5
3. Mazda CX-7
4. Mazda CX-9
5. Mazda2
6. Mazda6
7. Mazda MX-5

Turla said he will continue to study car holes. "I'm going to try Tesla Model X, Honda City 2017 or Mitsubishi Montero Sport 2017. Hopefully I will get practical tests on the dashboard and infotainment system that will be unveiled at Car Hacking Village of DEF CON year. now on".