Jay Turla has been a very busy man since purchasing his new Mazda vehicle. He’s been spending time researching hacks to his car’s infotainment system, and as with most other “smart” products on the market today, he’s finding the system incredibly easy to break into.

He’s not alone. In fact, a whole online community has grown up around the idea of hacking various models of Mazda cars.

A variety of security researchers have confirmed what the online community has known for more than three years. Mazda’s infotainment system contains a raft of bugs that make it incredibly easy to hack the system. In fact, the online community has even built an app that automates the process.

Turla started with the app and began making tweaks and changes to see exactly what he could accomplish in terms of hacking his car. His key finding? All he had to do was plug a USB stick into the car. Once that was done, the scripts would execute automatically and begin making changes.

On the surface of it, that sounds pretty bad, and it certainly underscores the ongoing problem with today’s smart devices – they’re incredibly easy to hack and very few product manufacturers have expressed much interest in providing better security for the devices they make. Mazda is a classic example of this very phenomenon; remember, these bugs have been well-known for more than three years!

From a practical standpoint, though, the ability to easily hack the car’s infotainment system isn’t as bad as it could be. You can’t, for example, use these hacks to auto-start the car, or change any of the critical settings…at least not yet.

While Mazda insists that it’s not possible to impact anything but the car’s infotainment system, the hacking community isn’t convinced. Neither is Turla, who says he plans to continue his research to see just how far he can take his automated hacks.

This is certainly no reason not to buy a Mazda, but it’s something to keep in mind, and here’s hoping that at some point, manufacturers of smart devices start taking security more seriously.

Used with permission from Article Aggregator