A bug has been found in older Mazda infotainment systems from 2014 to 2017.
In January 2022, drivers of older Mazda vehicles near Seattle, Washington, experienced HD radio receiver crashes when tuning into local public radio stations.
End users reported that their HD radio receivers crashed when connecting to a local radio station. The radio and its display, Bluetooth function, built-in map, and digital clock were all fried.
Reports indicate that the system failure was caused by a simple coding error that occurred when a radio station sent an image without the required file name extension.
While Mazda owners waiting for their $1500 CMU (Connectivity Master Unit) may be frustrated, the bug was relatively harmless and appears to have caused minimal damage.
Caused by a simple coding error
The full details of the coding error that caused the Mazda CMU crash have not been published, but it is assumed to be a type of null dereference vulnerability.
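Because the actual code has not been published, the following is an added illustration, not Mazda's code, of how a file name without an extension can turn into a null dereference in C, shown beside a hardened form. The function names and the accepted image types are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical image types a receiver might accept (assumption). */
enum img_type { IMG_UNKNOWN = 0, IMG_JPEG, IMG_PNG };

/* Case-insensitive ASCII string equality. */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Unsafe pattern, shown for contrast and never called below: strrchr()
 * returns NULL when the name has no '.', and ext + 1 is then dereferenced. */
enum img_type classify_unsafe(const char *name)
{
    const char *ext = strrchr(name, '.');
    return ieq(ext + 1, "png") ? IMG_PNG : IMG_JPEG;
}

/* Hardened form: every malformed name maps to IMG_UNKNOWN so the caller
 * can skip the image instead of crashing. */
enum img_type classify_safe(const char *name)
{
    if (name == NULL)
        return IMG_UNKNOWN;
    const char *base = strrchr(name, '/');      /* ignore dots in directories */
    base = base ? base + 1 : name;
    const char *dot = strrchr(base, '.');
    if (dot == NULL || dot == base || dot[1] == '\0')
        return IMG_UNKNOWN;                     /* no extension, no stem, or trailing dot */
    if (ieq(dot + 1, "jpg") || ieq(dot + 1, "jpeg"))
        return IMG_JPEG;
    return ieq(dot + 1, "png") ? IMG_PNG : IMG_UNKNOWN;
}

int main(void)
{
    /* Constructed sample names, not taken from the real broadcast. */
    const char *names[] = { "station_logo.PNG", "station_logo", "art/v1.2/cover", "logo." };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-18s -> %d\n", names[i], classify_safe(names[i]));
    return 0;
}
```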
Prevention and Mitigation Measures
Preventing such problems during the development phase requires software engineers to follow secure coding standards that define how to write code to avoid security vulnerabilities in device software.
But while secure coding is key to preventing software vulnerabilities, it is only one component.
Code, even when written by experienced programmers, is always subject to human error. Furthermore, many of the products we use today rely heavily on the supply chain, including open source and third-party software, some of which programmers were not involved in creating.