Mazda Leaking Your Private Information

Discussion in '[H]ard|OCP Front Page News' started by Kyle_Bennett, Mar 12, 2018.

  1. Kyle_Bennett

    Kyle_Bennett El Chingón Staff Member

    May 18, 1997
    This is a rather interesting story that highlights how our connected tech-selves and our new cars interface. While the reports are not fully fleshed out, Forbes is reporting that Mazda (as identified by Forbes) is collecting a lot of your smartphone information, and then storing it locally in an unencrypted state. Then, with a bit of malware, the two researchers mentioned were able to pull all of that information off of the cars storage and also trace vehicle location as well. All of this requires physical access to the car, which sounds like a big hurdle to get over, right up until you consider the rental car market.

    It is stuff like this that I resist using my smartphone for any kind of banking apps. Of course, now hackers will get my sexting information. Actually, both the cars I drive are 10+ years old, so I do not have these issues at all.

    Two researchers who've been probing one of the car maker's models in recent months found the vehicle was collecting an awful lot of information from drivers' smartphones, including text messages, call records, app activity, photos, contacts, GPS history and emails. And it was storing all that information unencrypted, they claim. They later discovered a way to install malware on the car, forcing it not only to hand over all that information, but track the location of the vehicle in almost real-time.
  2. cdr_74_premium

    cdr_74_premium [H]ard|Gawd

    Oct 20, 2010
    That's why I make an effort to keep the 2003 Focus running.

    1) I love it.
    2) It's a manual.
    3) Can't wrap my head around connectivity that can't be turned off.
    Armenius likes this.
  3. RogueTadhg

    RogueTadhg [H]ard|Gawd

    Dec 14, 2011
    Silly Forbes, Equifax already leaked my information.

    It's seen more action than a Las Vegas Motel during the Valentines Day season.
  4. wgm3446

    wgm3446 Gawd

    May 8, 2007
    It's not that hard honestly. Hook up a USB to Ethernet cable to the USB port and a router that hands out DHCP. Then SSH to the car, then with the default password which is publicly available and you can log in to a linux based kernel. From that point on, you can do lots of goodies. Enable the WiFi adapter, DVD playback, disable the safety touchscreen feature, etc. I'm not surprised by this at all.
  5. MV75

    MV75 Gawd

    Nov 13, 2007
    Why are they putting so much storage into the car system to be able to hold all that info for?
    Why does it need to hold that info?

    The only things it really needs is contacts that you then personalise to who you want to be listed on the car system.

    Also explains why the interface is so slow and laggy, busy compiling all the stuff from a phone and looking to connect to anything.
    Armenius likes this.
  6. skiddierow

    skiddierow Limp Gawd

    Aug 1, 2013
    I've had an '18 Mazda 3 for a couple months now, guess I need to see about changing the root password.
    qb4ever and Kyle_Bennett like this.
  7. 0ptional

    0ptional Don't Trust Your Friends with Your Decanter

    Feb 22, 2003
    Literally just bought a CX-5 yesterday. Lol.
  8. Gigus Fire

    Gigus Fire 2[H]4U

    Oct 14, 2004
    Kinda a non issue.
    A lot of the information that the interface gathered is normal. Contact list because you can show your contacts on the center console. Same with call history and text messages (since mazda has text to voice for text messages). I assume gps history has to do with their built in gps navigation (gps is installed on ever car. Navigation is extra, but the hardware is all there. You can buy a cd from mazda (or get one off ebay) that has the maps and enables it).
    App activity and photos is a bit odd. I assume it gets some photos for contacts and whatnot.

    All car tech has serious security issues. They assume that strangers will not have access to your car.

    90% of these entertainment sets run linux or embedded windows. You can run/install your own apps with a little bit of knowledge. In fact there are known hacks for mazda which enable android auto on them (the official release from mazda is very late, but this guy: figured out how to hack it in there before hand).
  9. wra18th

    wra18th [H]ardness Supreme

    Nov 11, 2009
    My Mazda is probably too old to be having this capability. And I'm going to run it to the ground so help me god.
  10. seanreisk

    seanreisk [H]Lite

    Aug 29, 2011
    You guys aren't doing it right. Every problem is an opportunity. Stop trying to figure out how to keep your data secure, and start trying to figure out how much bad information you can get hackers to nibble on. Then make YouTube videos.

    I have never successfully secured my personal computer - if you surf the web, something will get through. But I also keep a text file called "Credit Card Info.txt" that is full of made up credit cards. I never open it, but I do have a chron running to see if it is accessed. Last access was in 2015, after which I giggled and then did a full reinstall.

    I worry more about my cousins than I worry about hackers, whenever my cousin gets his hands on my phone he peals the headers off my music and then tacks them onto weird feminist gospel folk shit.
    Last edited: Mar 12, 2018
    Patton187 likes this.
  11. lostin3d

    lostin3d Gawd

    Oct 13, 2016
    I don't believe this is their goal but I still feel the need for the joke. Well this explains how Mazda has escaped changing hands for awhile now. For a time they were the proverbial red headed step child handed over from one company's ownership to the next. Seems like they found another source of revenue.
    skiddierow likes this.
  12. skiddierow

    skiddierow Limp Gawd

    Aug 1, 2013
    A lot of automakers use a third-party for infotainment software.

    In this case, it's Johnson Controls.
    lostin3d likes this.
  13. WhoMe

    WhoMe Limp Gawd

    Jan 3, 2018
    My car is old enough to vote this year...but it is still not allowed to use a smart phone.
    lostin3d and clockdogg like this.
  14. /dev/null

    /dev/null [H]ardForum Junkie

    Mar 31, 2001
    I'm not lettin' my johnson control my car!
    lostin3d, 0ptional and MrTryfe like this.
  15. zpackrat

    zpackrat Gawd

    Jan 28, 2002
    this has been patched out of the current version of Mazda Connect, I know my 17 came with it and the only way to sideload anything or access it via SSH is by hard wiring a usb to serial connection. Granted for Android Auto which has been promised for more than 2 years I'm considering it.
    wgm3446 likes this.
  16. somebrains

    somebrains Limp Gawd

    Nov 10, 2013
    DataOps is now becoming a thing.
    I love it when new job titles are made up based on whatever is going on in the news.
    Just don't publish anything read/write open to the world.