March 27, 2023

Another day, another crash in automotive device software. This time, the bug was discovered in the infotainment system of older-model Mazdas from 2014-2017. Motorists reported that their HD radio receivers crashed when connecting to a local radio station. The radio and its screen, Bluetooth capabilities, integrated maps, and digital clocks were all fried.

According to reports, the system failure was caused by a simple coding error that was triggered when the radio station transmitted images without the required extension in the file names.

While disappointed Mazda owners waiting for their new $1500 CMU (Connectivity Master Unit) may disagree, this specific bug was relatively harmless, leading to very little damage.

Sadly, chances are we'll continue to hear reports of software failures in vehicle systems, and as vehicles increasingly rely on code, the threats of vulnerabilities affecting security and safety grow exponentially. Who knows how the next bug will impact drivers?

How a Basic Coding Error Corrupted Mazda’s Connected Systems

The full details of the coding mistake that caused the crash of Mazda CMUs weren't released, but we can presume that it was a kind of NULL dereference vulnerability.

Here’s how that works:

In the C programming language, there is a function called strchr. This function takes two parameters, a pointer to a string and a character, and searches for the character within the string, returning a pointer to the match found. If the function fails, a NULL pointer is returned.

Next, the program will probably attempt to determine the extension of the file that it received.

To identify the extension, a function similar to strcmp is most likely used. This function takes two pointers and compares their contents. Ultimately, the comparison is made by dereferencing the pointers.

Dereferencing is the action of reading the value that the pointer is pointing at.

In this particular case, the NULL pointer was passed to this function, and when the function tried to dereference the NULL pointer, it raised an exception.

This kind of vulnerability in the code can be easily prevented by checking that the returned pointer is not NULL.
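
The pattern described above next to its fix, as an added example that is not from the original article or from Mazda's code. The function names, the enum and the sample file names are assumptions made for illustration; the checked version uses strrchr instead of strchr so that only the final dot is treated as the start of the extension.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical image types; the names are illustrative only. */
enum image_kind { IMG_INVALID = -1, IMG_UNKNOWN = 0, IMG_JPEG, IMG_PNG };

/* Pattern described in the article: the result of strchr() goes straight
 * into strcmp(). For "logo" (no '.'), strchr() returns NULL and strcmp()
 * dereferences it: undefined behaviour, typically a crash. */
enum image_kind image_kind_unchecked(const char *filename)
{
    const char *ext = strchr(filename, '.');
    if (strcmp(ext, ".jpg") == 0) return IMG_JPEG;
    if (strcmp(ext, ".png") == 0) return IMG_PNG;
    return IMG_UNKNOWN;
}

/* Hardened form: reject a NULL name and a missing or empty extension
 * before any comparison takes place. */
enum image_kind image_kind_checked(const char *filename)
{
    if (filename == NULL) return IMG_INVALID;
    const char *ext = strrchr(filename, '.');
    if (ext == NULL || ext[1] == '\0') return IMG_INVALID;
    if (strcmp(ext, ".jpg") == 0) return IMG_JPEG;
    if (strcmp(ext, ".png") == 0) return IMG_PNG;
    return IMG_UNKNOWN;
}

int main(void)
{
    /* Constructed sample file names, including two with no usable extension. */
    const char *samples[] = { "cover.jpg", "station.logo.png", "logo", "art." };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %d\n", samples[i], image_kind_checked(samples[i]));
    return 0;
}
```

Only image_kind_checked is called on the extension-less names; passing "logo" to image_kind_unchecked reproduces the NULL dereference.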

Prevention and Mitigation

Preventing this type of issue in the development stage requires software engineers to follow secure coding standards that define how to write code in order to avoid security vulnerabilities in device software.

Nevertheless, while secure coding is key to avoiding software vulnerabilities, it’s only one element.

Code will always be susceptible to human error, even when written by the most experienced developers. On top of that, most of the products we rely on today depend heavily on a supply chain that includes open source and third-party software that your developers had no part in writing.


Smart Cars Require Smarter Security

Car makers are investing heavily in sophisticated automated safety controls, from steering and brakes to blind-spot detection and everything in between. Considering that these systems have become increasingly dependent on software, why isn't the same attention directed at vehicle software security?

The cost of a software vulnerability in automotive devices escalates if it is discovered after the vehicle hits the road. Beyond the cost of pausing production or issuing recalls, software bugs might result in more than the inconvenience of a broken infotainment system. When discovered in critical safety features, they could actually impact human lives.

Insufficient attention to software security in automotive devices can turn cars and trucks into ticking time bombs. Today's heavily automated vehicles require that OEMs extend their focus beyond physical vehicle safety to include software security, from the earliest design stages all the way to tracking software versions that are already on the road.

The Road to Automotive Safety: Secure Software

Ensuring safe and vulnerability-free automotive devices requires additional steps beyond secure coding or manual bug tracking. That's why firmware and code in all devices must be continuously monitored for vulnerabilities, to quickly discover and fix errors. Automated product security helps teams address security risks before, not after, they land companies in the headlines.

An advanced automotive product security platform, like Cybellum, enables product security teams to track every line of code in their software, whether it was developed in-house or obtained from a third party or open source, and ensure that software vulnerabilities are found and addressed early, before they can cause costly harm to people and major damage to manufacturers' reputations.

The Mazda infotainment crash proves once again that a simple coding error can cause unexpected chaos. Thankfully, this time, the damage was limited to infotainment systems and temporarily annoyed drivers, plus a few headlines. Car manufacturers need to start prioritizing device security to make sure all the software their products depend on does not drive them off the road.

Sponsored by Cybellum
