Cybersecurity

5925 readers

213 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Unpatched Mazda Connect bugs let hackers install persistent malware (www.bleepingcomputer.com)

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/cybersecurity

4 comments fedilink hide all child comments

Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission.

top 4 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 2 months ago (1 children)

Looking over the threat, not an issue unless someone accesses your car unlocked(the car auto locks the doors after 15? minutes). I don't feel the threat of compromising the car is valid enough to elicit a genuine concern.

What this should inspire in the minds of readers is how dangerous technology is in a car and how technology that provides convenience compromises safety, that is not a compromise we should accept.

[–] Ajen 2 points 2 months ago (1 children)

Like the article points out, a lot of people trust strangers with their vehicles (valets, mechanics, etc). It might not happen to me, but I could see an abusive spouse/SO or shady valet installing tracking/bugging software with this exploit.

[–] [email protected] 1 points 2 months ago (1 children)

There is no remote access to the system. So the person would need to have physical access to the USB port to retrieve any data.

Every car has a vulnerability that can allow someone to put a tracker on your car and it takes a couple seconds to execute with no advanced technical ability, sticking a GPS tracker with a 4g connection to the bottom of the chassis. Bugging a car is as easy as sticking a recording device under the seat.

[–] Ajen 1 points 2 months ago* (last edited 2 months ago)

~~All of the people I listed would have physical access for hours, out of sight of the owner.~~ (see edit)

Is easy to find a tracker that's stuck to the bottom of a car if you put it on a lift and spend a few minutes with a flashlight (and since just takes a minute and a lot of mechanics are decent people, it's not hard to find someone to do it for free). And they either have batteries that will run out, or have to be wired to the battery which limits where they can be hidden.

Edit: misread your post, didn't see that you were talking about physical access to retrieve data, not bug the car. I'm pretty sure these cars have Bluetooth and wifi though, which the entertainment system most likely has access to.