It’s been a sort of open secret for a few years now that you can hack the infotainment system on some 2014 and up Mazdas with the right software on a USB drive. What is new, though, is that now the software required to do this is freely available on GitHub. What’s also interesting is how this security flaw has been turned into a valuable customization tool for tech-saavy Mazda owners.
The code is described as:
“A PoC (proof of concept — ed) that the USB port is an attack surface for a Mazda car’s infotainment system and how Mazda hacks are made”
It was put together by security researcher Jay Turla. The code includes an all-in-one tool called MZD-AIO-TI (Mazda All In One Tweaks Installer), which automates the process of getting access to the *NIX-based infotainment system Mazda uses.
Turla spoke with the website Bleeping Computer and described just how his attack works:
So I did some research on how is it done including how to create apps. I studied how MZD-AIO-TI (MZD All In One Tweaks Installer from Trezdog44) works and discovered that the tweak included executing a tweak.sh script through cmu_dataretrieval.up and dataRetrieval_config.txt. Thus, I decided to create the mazda_getInfo repo, which demonstrates that the USB port is an attack surface for a Mazda car’s infotainment system by echoing outputs from two known *nix commands through the jci-dialog which appears as a dialog box in an infotainment system. I just want to make it simpler in order to give some awareness.
Turla’s attack starts instantly when the USB drive containing the code is inserted into the car, automatically executing the script.
While all this sounds alarming, a few key points should be noted: the attack requires physically inserting a USB device into the car, so that rules out long-range hacking, and the attack so far only access the MZD infotainment system.
That means this is not something anyone can use to, say start a car’s engine or steal or hijack a car, but Turla does admit that there are flaws in the MZD system that could make such things possible.
On the plus side, the exploit has made possible a whole community of Mazda owners/hackers who are using the vulnerabilities to re-work the software and interface of the infotainment system to their own liking.
While Mazda has issued a firmware patch last month to remove the vulnerability (fixed with MZD Connect firmware version 59.00.502), in some ways this could be seen as a missed opportunity for Mazda.
If they had embraced the infotainment customization aspect and added security to prevent harmful or dangerous exploits to the car’s engine or control systems, they could have taken a step to being one of the first carmakers to have an open and customizable center stack, something which I think could be more popular among car buyers than most people realize.
If you have a Mazda, and are interested in doing some infotainment system customization, it looks like you’re in a pretty good position, with a lot of powerful tools now easily available.