If you have a Mazda 3 parked outside of your place right now, then we’re glad we have your attention. According to a Cybersecurity group, Mazda’s infotainment software has “multiple vulnerabilities” to attacks from hackers and other bad actors. However, there may be a way to protect yourself.
CyberInsider first broke the news that Dmitry Janushkevich from Trend Micro’s Zero Day Initiative (ZDI) cybersecurity group discovered the vulnerabilities in the infotainment system found in certain Mazda vehicles. The security flaws were found specifically in the Connectivity Master Unit (CMU). You can probably guess what the CMU does based on its title, and you’d be right to assume that’s not a great place to have any security vulnerabilities, much less “multiple.”
We don’t have a full list of every Mazda vehicle that is affected but the report specifically mentions the Mazda 3 model years between 2014 and 2021. Though it’s likely that other Mazda models from the same model years may be affected as well since infotainment software is rarely exclusive.
The details on what exactly causes the security flaws would make this article read more like something from Hackin9, so we’ll just get to what the discovery means for Mazda owners. The good news is that hackers cannot take advantage of the flaws wirelessly. They’ll need to insert a device pre-loaded with malware to one of the USB ports in the vehicle. Unfortunately, any time you give someone unattended access to your vehicle like with a detailer, valet, or mechanic you are risking the possibility of a cyberattack. Be mindful in those situations.
Since Mazda hasn’t really leaned into autonomous driving assist systems, hackers can’t use these exploits to remotely drive your vehicle away or anything of that sort. However, depending on the malware used, sensitive personal information could be obtained and used for nefarious purposes later.
Additionally, the malware could turn the vehicle’s CMU into a point of compromise for other devices connected to it. In other words, hackers could use the CMU in the vehicle to gain access to passenger’s smartphones that have an active connection to the vehicle. We recommend checking with Mazda to see if a software patch has been released yet and updating the software right away. Until then, avoid giving anyone you don’t know unattended access to your vehicle.
