Mazda Leaking Your Private Information

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
55,532
This is a rather interesting story that highlights how our connected tech-selves and our new cars interface. While the reports are not fully fleshed out, Forbes is reporting that Mazda (as identified by Forbes) is collecting a lot of your smartphone information, and then storing it locally in an unencrypted state. Then, with a bit of malware, the two researchers mentioned were able to pull all of that information off of the cars storage and also trace vehicle location as well. All of this requires physical access to the car, which sounds like a big hurdle to get over, right up until you consider the rental car market.

It is stuff like this that I resist using my smartphone for any kind of banking apps. Of course, now hackers will get my sexting information. Actually, both the cars I drive are 10+ years old, so I do not have these issues at all.

Two researchers who've been probing one of the car maker's models in recent months found the vehicle was collecting an awful lot of information from drivers' smartphones, including text messages, call records, app activity, photos, contacts, GPS history and emails. And it was storing all that information unencrypted, they claim. They later discovered a way to install malware on the car, forcing it not only to hand over all that information, but track the location of the vehicle in almost real-time.
 
That's why I make an effort to keep the 2003 Focus running.

1) I love it.
2) It's a manual.
3) Can't wrap my head around connectivity that can't be turned off.
 
It's not that hard honestly. Hook up a USB to Ethernet cable to the USB port and a router that hands out DHCP. Then SSH to the car, then with the default password which is publicly available and you can log in to a linux based kernel. From that point on, you can do lots of goodies. Enable the WiFi adapter, DVD playback, disable the safety touchscreen feature, etc. I'm not surprised by this at all.
 
Why are they putting so much storage into the car system to be able to hold all that info for?
Why does it need to hold that info?

The only things it really needs is contacts that you then personalise to who you want to be listed on the car system.

Also explains why the interface is so slow and laggy, busy compiling all the stuff from a phone and looking to connect to anything.
 
Literally just bought a CX-5 yesterday. Lol.
 
Kinda a non issue.
A lot of the information that the interface gathered is normal. Contact list because you can show your contacts on the center console. Same with call history and text messages (since mazda has text to voice for text messages). I assume gps history has to do with their built in gps navigation (gps is installed on ever car. Navigation is extra, but the hardware is all there. You can buy a cd from mazda (or get one off ebay) that has the maps and enables it).
App activity and photos is a bit odd. I assume it gets some photos for contacts and whatnot.

All car tech has serious security issues. They assume that strangers will not have access to your car.

90% of these entertainment sets run linux or embedded windows. You can run/install your own apps with a little bit of knowledge. In fact there are known hacks for mazda which enable android auto on them (the official release from mazda is very late, but this guy: https://mazdatweaks.com/ figured out how to hack it in there before hand).
 
My Mazda is probably too old to be having this capability. And I'm going to run it to the ground so help me god.
 
You guys aren't doing it right. Every problem is an opportunity. Stop trying to figure out how to keep your data secure, and start trying to figure out how much bad information you can get hackers to nibble on. Then make YouTube videos.

I have never successfully secured my personal computer - if you surf the web, something will get through. But I also keep a text file called "Credit Card Info.txt" that is full of made up credit cards. I never open it, but I do have a chron running to see if it is accessed. Last access was in 2015, after which I giggled and then did a full reinstall.

I worry more about my cousins than I worry about hackers, whenever my cousin gets his hands on my phone he peals the headers off my music and then tacks them onto weird feminist gospel folk shit.
 
Last edited:
I don't believe this is their goal but I still feel the need for the joke. Well this explains how Mazda has escaped changing hands for awhile now. For a time they were the proverbial red headed step child handed over from one company's ownership to the next. Seems like they found another source of revenue.
 
I don't believe this is their goal but I still feel the need for the joke. Well this explains how Mazda has escaped changing hands for awhile now. For a time they were the proverbial red headed step child handed over from one company's ownership to the next. Seems like they found another source of revenue.

A lot of automakers use a third-party for infotainment software.

In this case, it's Johnson Controls.
 
It's not that hard honestly. Hook up a USB to Ethernet cable to the USB port and a router that hands out DHCP. Then SSH to the car, then with the default password which is publicly available and you can log in to a linux based kernel. From that point on, you can do lots of goodies. Enable the WiFi adapter, DVD playback, disable the safety touchscreen feature, etc. I'm not surprised by this at all.
this has been patched out of the current version of Mazda Connect, I know my 17 came with it and the only way to sideload anything or access it via SSH is by hard wiring a usb to serial connection. Granted for Android Auto which has been promised for more than 2 years I'm considering it.
 
DataOps is now becoming a thing.
I love it when new job titles are made up based on whatever is going on in the news.
Just don't publish anything read/write open to the world.
 
Back
Top