During the test, Turla only tried simple attacks such as text printing or parodying control voices. Because MZD Connect is a NIX-based system, anyone can create and execute scripts for other types of attacks. Turla said that his scenario was perfect to re-enable SSH support on the MZ Connect System after the feature was removed during the previous firmware update.
The attack process will automatically take place after the user has inserted the USB into the control panel. "No need to interact with users, you just need to insert the USB into the USB port on the car. Imagine the spontaneous feature on Windows when automatically executing the script".
However, this type of attack also has weaknesses. The vehicle must be in Accessory Mode or the engine must be running before the code is executed. This means you cannot use this method to start or control the vehicle. "You can do it but I don't have a PoC," Turla said. In addition, hackers can create botnets for Mazda cars. Turla also said one of his managers believed that the error could be used to install the RAT (Remote Access Trojans) on the vehicle.
Other researchers looking at MZD Connect's firmware also share similar ideas. "Its CMU (Car Multimedia Unit) is not full of remote execution errors," security researcher Aris Adamantiadis wrote on Twitter, "If you connect to WiFi, you can access (read only) CAN BUS through via DBUS network ".
These things can happen because the error on the car allows users to execute unverified code on the vehicle's information system, and in terms of information security means "anything". If the attacker has the skills and knowledge to write the appropriate code.
According to the MZF-AIO-TI project, the error of executing the USB code was fixed on the firmware MZD Connect version 59.00.502 released last month. Un-updated cars can still be attacked even though there have been no reports of abuse of the bug, except for refining the dashboard of the vehicle infotainment system.
Contacting Bleeping Computer, Mazda dispels all worries that this problem can be used to endanger users.
"On Mazda cars, the functions that Mazda Connect controls are very limited and cannot be accessed remotely by Wi-Fi, meaning that the risk of hacking with USB will only cause minor or minor losses. On the car, The Mazda Connect has limited control settings such as remote control lock, which information will show up on Active Driving Display, when the car responds to lane insertion . Interfering with features This also does not help gain control of the direction, brake or vehicle speed control ".
Below is a list of MZD Connect system models
Turla said he will continue to study car holes. "I'm going to try Tesla Model X, Honda City 2017 or Mitsubishi Montero Sport 2017. Hopefully I will get practical tests on the dashboard and infotainment system that will be unveiled at Car Hacking Village of DEF CON year. now on".