
Researchers from Trend Micro’s Zero-Day Project discovered multiple security issues in devices installed on thousands of Mazda vehicles
November 12, 2024 09:54

- Technology experts have discovered multiple security issues with the Mazda Connect infotainment setup.
- Researchers from Trend Micro’s Zero-Day Program discovered that attackers could compromise a vehicle’s security system.
- Drivers are advised to avoid connecting unknown USB devices and restrict third-party access to their cars.

The U.S. government wants an outright ban on Chinese cars because of concerns they could be remotely controlled by bad actors and pose a security threat. But a new team of researchers warns that thousands of Mazda vehicles already on the road in the United States, Europe and elsewhere are vulnerable.
Technology experts from Trend Micro’s Zero-Day Program (a zero-day refers to how long it takes a company to fix a flaw) studied Mazda Connect infotainment systems installed in cars including the 2014-21 Mazda3 and found that attackers could exploit their security vulnerabilities to potentially carry out attacks that interfere with a car’s safety system.
Granted, the risk of a swarm of Mazdas becoming sentient, plowing into pedestrians, and crashing into gas stations and shopping malls is virtually zero. The cars don’t have self-driving capabilities, and report author Dmitry Janushkevich said the malicious code would have to be delivered through a USB port rather than via an OTA update.
But if you frequently use valet services at hotels, restaurants, and airports, or leave your car for maintenance or repairs, your car is still at risk of being stolen. ZDI claims it could take just a few minutes to upload malware via a USB port, allowing attackers to compromise the car or infect passenger devices that are later plugged into the port. Accessing the car’s security systems is also possible, although ZDI did not investigate in depth which safety-critical functions could be altered or controlled.

Mazda said it has not released a patch for the security vulnerability and recommended that owners avoid connecting unknown USB devices to the infotainment system and limit third-party access to the vehicle until the automaker finds a fix. If you’re a geek and want the full details of ZDI’s analysis, check out the original report here.
Several models have been discontinued in Europe this summer because they do not comply with new EU cybersecurity rules, including the Porsche 718 Boxster and Cayman and the gas-powered Fiat 500.
