News
Your Privacy Could Be Gone In 10 Secs When You Connect Your Phone To A Mazda
Two researchers probing one of the car maker’s models in recent months found the vehicle was collecting an awful lot of information from driver’s smartphones , including text messages, call records, app activity, photos, contacts, GPS history and emails. And it was storing all that information unencrypted.
They later discovered a way to install malware on the car, forcing it not only to hand over all that information, but track the location of the vehicle in almost real-time.
The researchers from cybersecurity firm Ixia will release their findings at the Kaspersky Analyst Summit in Cancun.
Mazda said the company hadn’t been contacted by the researchers and couldn’t respond to the findings without more information. “What we can say is that cybersecurity and protecting our customers privacy is of the utmost importance to Mazda, and we take all concerns very seriously in order to ensure our customers enjoy their experiences today and in the ever-more-connected future”.
It’s unlikely to be an issue for those who own Mazdas as physical access is needed to perform the exploit, but it could be of concern to those who connect their phones to Mazda rentals and other shared cars.
Mazda fits nearly all its models with GPS chipsets, whether those vehicles have navigation activated or not, the researchers were able to leverage the hardware to send “pings” from the car to show its location in addition to grabbing personal data from the infotainment system.
There are some limitations to the attacks. First, physical access to a car is required. And the researchers noted that the vehicles don’t always pull datas from all apps. The vehicles wouldn’t grab signal or WhatsApp messages, and it would be “hit and miss” for the kinds of email apps from which the cars would store content. But it has no problem pulling data from standardised apps like Android open source project.
Mazda can’t roll out an over-the-air update like Tesla does with its cars, so the only way remedy would be to issue a recall and load the updated software manually.
