Mazda’s Infotainment Software Can Leave Owners Open to Hacking Attacks
If you currently own a Mazda 3, this information is crucial for you. A cybersecurity group has identified multiple vulnerabilities within the brand’s infotainment software, which could leave owners exposed to hacking risks. Fortunately, there are ways to mitigate these threats.
CyberInsider initially reported that Dmitry Janushkevich, from Trend Micro’s Zero Day Initiative (ZDI), uncovered the security flaws within the infotainment system of certain Mazda models.
Specifically, the vulnerabilities were traced to the Connectivity Master Unit (CMU), a critical component that handles the system’s connectivity functions. Given the importance of the CMU, it’s concerning that such security weaknesses exist in this key area.
While the exact list of affected vehicles is still unclear, the report highlights Mazda 3 models from the 2014 to 2021 range. It’s reasonable to assume that other Mazda models produced during the same years could also be impacted, as infotainment software is typically not model-specific.
The details behind the vulnerabilities are highly technical, so we’ll focus on the practical implications for Mazda owners. The silver lining is that hackers cannot exploit these flaws remotely. Access requires a physical device loaded with malware to be plugged into one of the vehicle’s USB ports. This means that any time you allow an unauthorized person to have access to your vehicle—whether it’s a valet, mechanic, or detailer—you’re potentially exposing your car to a cyberattack. It’s essential to be cautious in such situations.
Mazda’s vehicles are not heavily reliant on autonomous driving systems, so the risk of a hacker remotely taking control of your car is negligible. However, depending on the malware used, attackers could steal sensitive personal information, which could be misused later. Additionally, the malware could compromise the CMU, which might allow hackers to gain access to other devices connected to the vehicle, such as passengers’ smartphones.
To protect yourself, it’s highly recommended that you check with Mazda for any available software patches and update your system immediately. Until then, avoid giving anyone you don’t fully trust access to your car without supervision.
