"Drive A Mazda? Your Privacy Could Be Gone In 10 Seconds"

Given how the infotainment can be tweaked with scripts easily, this doesn't come as a surprise.

https://www.forbes.com/sites/thomasbrewster/2018/03/09/mazda-privacy-hack-via-usb

Actually I'd like to get my hand on the script. That'll be a cool tweak to keep track of the activity of the car, polling and storing GPS locations periodically, although I don't connect my phone to it.

Mazda closed the holes. You need to pull the head unit.and tap into the back using a home made.cable.

The article doesn't.mention software version of car, but I doubt it was current.

Actually the article seems to suggest they did it very recently and somehow managed to get it installed. If it was the old USB trick that wouldnt make news cause everyone knows. This would suggest there may be another work around that hasnt been fixed yet for the AIO tweeks

dan801 said:

Actually the article seems to suggest they did it very recently and somehow managed to get it installed. If it was the old USB trick that wouldn’t make news cause everyone knows. This would suggest there may be another work around that hasn’t been fixed yet for the AIO tweeks

Click to expand...

Sensationalized stories are published all the time.

The questionable content about the story is that they never contacted mazda, and they use the auto-run USB feature. As we know the auto-run feature is disabled in newer firmware. So the story already implies they used older firmware.

Nowhere did they ever say they used a Mazda with the latest firmware - something that any security researcher would add as part of their article "we tested with the latest patched system and found vulnerabilities". Also, they would have contacted Mazda, even at the last minute, especially as they were presenting this at a Security Conference. Since they did not contact mazda, my guess is they know it was already fixed.

The presentation was last week, so we will have to wait and see if anything new comes out, but it appears that this is just part of a larger presentation "Smart Car Forensics and Vehicle Weaponization". Nothing in the news yet which is also surprising, so I have my doubts they presented something new with Mazda vehicles. If it existing the AIO guys would be using it already in my opinion.