Security researchers have uncovered multiple vulnerabilities in the Mazda Connect infotainment system, affecting several Mazda models, including the Mazda 3 (2014-2021). The flaws, which remain unpatched, could allow attackers to execute arbitrary code with root permissions, potentially compromising the vehicle's network and safety systems. At this stage, these attacks require physical access to the vehicle's infotainment system, but the process is alarmingly quick and straightforward. Researchers from Trend Micro's Zero Day Initiative (ZDI) note that an attacker could connect a malicious USB device and deploy their exploit within minutes. Scenarios like valet parking, car servicing, or dealership visits could provide the necessary access for an attacker.
Dmitry Janushkevich, a senior vulnerability researcher at ZDI, warns that once an attacker gains control, they could upload malicious firmware that compromises the car's connected controller area networks (CAN buses) and electronic control units (ECUs) responsible for critical functions like braking, transmission, and powertrain management.

In addition to local attacks, researchers highlight the potential for connected devices to be compromised as part of a broader attack. This could result in ransomware, denial-of-service attacks, or even rendering the infotainment system permanently inoperable ("bricking").

What to do? Nothing at this stage. The ball is in Mazda's court and they're sweeping it under the carpet for now.

Ep261. More on miteradio.com.au