If you’re a geek like me then you probably already know you can hack the infotainment system in a Mazda.
If you’re not, then you’d probably better not try – because it will most certainly void your warranty.
Access to the system is achieved with freely available software that is placed on a USB stick and allows the more tech savvy to get into the infotainment system and make changes.
Pretty much any late model Mazda with MZD Connect is vulnerable to the exploit – Mazda2, Mazda3 and Mazda6, as well as the MX-5, CX-3, CX-5 and CX-9.
The software in question was developed by Trevor Martin who goes by the online tag Trezdog44.
He’s a California software developer who operates the website Mazda Tweaks.
Using Trezdog’s code you can modify or tweak the MZD Connect system to change colours, boot animation, screen background images, remove startup message,create wi-fi hotspot, allow system to be used on the move, cast videos from your phone to the screen and install Android Auto functionality – all without paying for it.
The 102Mb file takes only a few minutes to download, depending of course on the speed of your internet connection.
After that it’s simply a matter of firing it up, ticking the boxes for the changes you want to make, plugging the USB stick into your car and the magic happens.
Although the Mazda community has been happily hacking their cars since early 2014, the company has more or less turned a blind eye to the practice.
It is just like the changes some people make by installing modified firmware on their mobile phone – it doesn’t hurt anyone.
The only bump in the otherwise smooth road occurred when the navigation providers complained because it allowed owners to upload unauthorised maps.
That’s because map updates are their bread and butter and car owners are charged big bucks for the often infrequent updates.
As a result a take down notice was issued by the US based copyright watchdog, under the Digital Millennium Copyright Act.
Recently however a cyber security expert made the news when he has showed how easy it was to hack the MZD Connect system.
Jay Turla is a Filipino who works for the security company Bugcrowd Inc.
He owns a Mazda himself and says he wanted to show the car was vulnerable to attack.
Turla has also suggested the exploit may leave Mazda’s vehicles open to more sinister attacks.
Based on Trezdog’s software his code simply tells the system to simply display a couple of messages on screen.
“I just wanted to check what were the possible attack vectors for my car,” Turla told Bleeping Computer.
“I also want to test my car just for my personal research as I enjoyed my first visit at the Car Hacking Village during DEF CON 24 in Vegas last year.
“I also have a couple of friends in the Philippines who are currently into car hacking research.”
As far as Mazda is concerned it says MZD Connect controls a very limited number of functions within a Mazda vehicle.
“It cannot be accessed remotely over a Wi-Fi signal, leaving any threat of hacking by USB to cause minimal damage at very worst and nothing that couldn’t be reversed.
“From the vehicle standpoint, Mazda Connect can control limited vehicle feature settings, such as keyless entry, what information is shown on the Active Driving Display, when the vehicle reacts to lane departure, etc.
“But tampering with any of these features does not gain control over the vehicle’s steering, acceleration or braking.”
Fast forward and it appears the party could be over with news the loophole has been closed in the latest firmware.
Take your car in for a service and it is likely the firmware will be updated and you will have no longer have access to the system.
The exploit has been has been fixed in MZD Connect firmware version 59.00.502, released last month.
For the time being anyway. Trezdog44 has vowed to fight on . . .
“Not that I don’t like being exalted as the greatest Mazda hacker, although I’m not,” he told the Mazda3 Revolution forums.
“But you know what, what we are doing is hacking and as a great hacker I will say this, you can’t stop me.
“That’s right Visteon I’m talking to you. I will find the vulnerabilities, the weak spots, the attack surfaces. I have a community of hackers at my side and have befriended some of the greatest with a goal: to tear down any and all security designed to suppress our freedom. Especially when it comes to something we all love, our cars.
“The keyword here is OUR cars, we should be able to customise, enhance, and fix our Infotainment system’s built in flaws if we choose just like anything else.
“It is just a matter of time before the next exploit is exposed. As long as the system can be updated or data can be gathered by use of a USB drive and external script there is a way to exploit that process and I’ll be damned if we can’t find it.”
