My Kia Soul was recently totaled out. I got a loan and picked a car. The car: 2016.5 Mazda CX-5. After purchasing said car from Carvana, I decided to look into its features. Naturally, my google-fu steered me to some links about Mazda Infotainment hacking. Most notably: This video of a guy popping a shell with a backdoor and this repo of a developed set of tweaks exploiting a known JCI vulnerability.

Summary:

Apparently, I can not only gain a root shell but also output scripts which tweak the UI (which I can likely just review and tweak even further).

After receiving the car from Carvana, I checked the onboard firmware version and it is vulnerable.

I am now driving the car for a few days to get a feel for everything.

In the distant future I’d like to see if I can leverage cronjobs and packages to wardrive, or do a PoC mitm from the car itself.

Hell maybe I could jump to installing routersploit and dump results of autopwn run from within open APs around town.

Who knows.

Start small.

Next Steps:

-Find down time
-Enter JCI Test Mode to gain root shell and poke around
-Generate MZD-AIO tweaks, install, test