- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission.
Like the article points out, a lot of people trust strangers with their vehicles (valets, mechanics, etc). It might not happen to me, but I could see an abusive spouse/SO or shady valet installing tracking/bugging software with this exploit.
There is no remote access to the system. So the person would need to have physical access to the USB port to retrieve any data.
Every car has a vulnerability that can allow someone to put a tracker on your car and it takes a couple seconds to execute with no advanced technical ability, sticking a GPS tracker with a 4g connection to the bottom of the chassis. Bugging a car is as easy as sticking a recording device under the seat.
All of the people I listed would have physical access for hours, out of sight of the owner.(see edit)Is easy to find a tracker that’s stuck to the bottom of a car if you put it on a lift and spend a few minutes with a flashlight (and since just takes a minute and a lot of mechanics are decent people, it’s not hard to find someone to do it for free). And they either have batteries that will run out, or have to be wired to the battery which limits where they can be hidden.
Edit: misread your post, didn’t see that you were talking about physical access to retrieve data, not bug the car. I’m pretty sure these cars have Bluetooth and wifi though, which the entertainment system most likely has access to.