You Can Hack Some Mazda Cars with a USB Flash Drive

"No need for a user interaction, you just need to insert the USB flash drive in the USB port of your car," the researcher told Bleeping Computer. "Imagine an autoplay feature on Windows which executes a script directly."

Furthermore, Turla says one of his work managers believes these flaws could be abused to install RATs (Remote Access Trojans) on Mazda cars.

Other researchers who looked at the MZD Connect firmware shared this opinion. "That CMU [Car Multimedia Unit] is full of remote exec bugs," wrote security researcher Aris Adamantiadis‏ on Twitter. "If you connect it to WiFi you can have a [read only] access to the CAN bus through network DBUS," he added.