Seattle Public Radio Station Manages To Partially Brick Area Mazdas Using Nothing More Than Some Image Files
Welp. This isn't going to help future fundraising drives. Not when a public radio station is negatively affecting, you know, driving.
Drivers of certain vehicles in Seattle and other parts of Western Washington are shouting at their car radios this week. Not because of any particular song or news item that’s being broadcast, but because an apparent technical glitch has caused the radios to be stuck on public radio station KUOW.
The impacted drivers appear to all be owners of Mazda vehicles from between 2014 and 2017. In some cases the in-car infotainment systems have stopped working altogether, derailing the ability to listen to the radio at all or use Bluetooth phone connections, GPS, the rear camera and more.
Behold the collision of OTA and IO(car)T. This unique situation -- limited solely to drivers in the Upper West -- presented a host of new problems and a lot of speculative answers. The radio station had absolutely no idea why this was happening. One local dealership told a customer it had something to do with 5G, which apparently meant affected Mazdas were now infected with a car-borne form of COVID, presumably necessitating plenty of expensive diagnostics and what have you.
Fortunately, the cars' manufacturer was actually able to pinpoint the cause of the malfunction -- which left some drivers staring at in-car systems stuck in a perpetual "loading…" loop. The answer arrived roughly a week after the problem presented itself. The problem -- discussed in this entertaining Reddit thread -- had nothing to do with network upgrades or an unexplained bug in Mazda software.
Instead, the public radio station had done something completely unexpected, sending affected vehicles into in-car entertainment purgatory. This is the statement Mazda gave to Geekwire.
“Between 1/24-1/31, a radio station in the Seattle area sent image files with no extension, which caused an issue on some 2014-2017 Mazda vehicles with older software,” the Mazda statement said. “Mazda North American Operations (MNAO) has distributed service alerts advising dealers of the issue.”
While it's somewhat troubling to note that Mazdas manufactured within the last eight years are running what Mazda considers to be outdated software, the good news is that it can be fixed. The bad news follows the good news: due to shipping constraints affecting goddamn everything, drivers affected by this oddity shouldn't expect to see a fix anytime soon. "Part delays" cited by Mazda could put permanent fixes months off.
On the other hand (good news!), even older models will be covered by these repairs, whether or not they're still under warranty. The company has instructed dealers to honor "goodwill requests" for free repairs of affected vehicles. Back to the bad news: the part that apparently needs to be replaced is the ominous-sounding "connectivity master unit," which indicates a whole lot of connectivity will be affected until dealers get the part in stock and start dealing with the backlog of semi-bricked Mazdas. Some users have reported in-car entertainment systems stuck in permanent loops, non-functioning GPS systems, and bricked back-up cameras.
This isn't going to go well for Mazda, considering it's the only manufacturer whose systems have been rendered useless by a misconfigured file distributed by a radio station. While this situation is certainly an outlier, there's likely a reason other in-car entertainment systems weren't similarly affected, which suggests a crucial shortcoming in the tech installed in those models -- one that could be exploited by entities far more nefarious than local public broadcasters.
""Part delays" cited by Mazda could put permanent fixes months off."
While I'm happy that it seems that no actually vital car functionality was affected
Re:
Going off what I read on this a few days ago it corrupts some critical part of the firmware and the devices don't have an easily access port to allow them to use something like JTAG to force load good firmware so that at least dealers could fix it in the field..
Pretty epic fail.
Re: Re:
Damn... yeah if that can happen anyway it's pretty bad design, but from what I understand here all that caused it was a file being sent without an explicit extension specified? Wow...
Re: Re: Re:
All of this. Wow. Depending on file extensions. Files without extensions wreck firmware, requiring hardware replacement. What the actual hell?
Re: Re: Re: Re:
So what these idiots forgot to install the magic database and file utility?
Quick someone try sending it some random binary executable. Chances are it will just run it anyway....
/s
In all seriousness, why would this even cause such a huge failure to begin with? It's unvetted untrustworthy data coming into the system from a remote source via an interceptable wireless transmission. Who the fuck is depending on the file extension for anything here?!?!? And why would they save it to the non-volatile storage for re-use when it hasn't been checked yet!?!?!?!? (It obviously hasn't been as the whole system fails when trying to check the damn thing.) Multiple someones at Mazda need to loose their jobs over this. I wonder if someone can find a unsigned code execution exploit here. (Or just in general to get these "faulty" parts working again during a parts shortage....)
Re: Re: Re: Re: Re:
"Who the fuck is depending on the file extension for anything here?!?!?"
I've worked for a number of companies where tight deadlines, overworked developers and management being willing to turn a blind eye to obvious problems to hit a profit level have led to some bad outcomes. All this really takes is developers not taking into account a use case they didn't think of, and an underfunded testing department (who are always considered the enemy but people trying to release a new revenue stream) not returning those tests or have their tests ignored in favour of gambling that they can make a lot of money before it's exposed.
It takes a few lines of code, at most, to validate input, Mazda. That's programming 101. Embarrassing.
Absolutely hilarious! I would love to see videos of people screaming at their radios/entertainment centers.
Is that mean?
Re:
Depends. Are they doing it stopped at a red light, or while they're speeding? It's not the fault of the car owner that they bought a car with incompetent software developers, but it's also not the fault of the people they drive in to...
Auto(lol)ated systems
Love the thought.
BUT WHY?
Computerized radio?
1 standard FM station can screw up allot of things?
takes me back to a person in germany being able to do basic controls in the Same model of car in Australia.
But from an FM station?
Re: Auto(lol)ated systems
"BUT WHY?
Computerized radio?"
In theory, it's nice to see the name of the song being played. Some stations have already apparently been abusing this to show ads instead of track information, but you'd also expect the radio to do some basic checks on the inputs.
Re: Re: Auto(lol)ated systems
But its affecting everything in the car.
So a 2nd system is getting it and sending to the Radio.
If its only coming from the FM, why isnt the radio the only one affected?
To much Embedded/integrated automation. Think of what happens if you CHANGE the radio. The secondary system is still there, Doing WHAT?
Cops wanted a remote control system years ago, to shut down cars in a chase.
Re: Re: Re: Auto(lol)ated systems
"But its affecting everything in the car."
No, it's affecting things that are tied to the central console and the entertainment/GPS functions. From what I understand, the car is still functional, you just lose those extra features that people didn't have at all 30 years ago.
"If its only coming from the FM, why isnt the radio the only one affected?"
Because multiple services run on the same OS that's been affected.
"The problem... had nothing to do with... an unexplained bug in Mazda software."
Proceeds to discuss the newly discovered bug in Mazda software which caused the problem.
While it's somewhat troubling to note that Mazdas manufactured within the last eight years are running what Mazda considers to be outdated software
How is that troubling? While Tesla produces cars which constantly phone home to request software updates, few other car manufacturers do so. Based on techdirt's articles on both IoT devices and ownership issues related to software updates (including Tesla's recent woes), I'm surprised to see techdirt disapproving of a company not following their lead.
Re:
I saw that bit about the "had nothing to do" as well, but you beat me to it.
For my money, "over the air" software updates to cars is a catastrophe waiting to happen. You can hack a phone? Your car effectively has a phone, calling in for updates. Whatever you can update over the air can be hacked. If nothing else, a supply chain hack.
How much would you like to wager that the NSA does not already deploy some vehicular surveillance through entertainment systems already?
Re:
The problem is that most modern cars, Teslas or not, probably phone home anyway! If companies are going to phone home, then they should install security updates too.
Re:
Sounds legit. It's not an unexplained bug if you explain it, after all.
Re: How is that troubling?
Because, in the real world of hardware, it's not appropriate to release products this shit. Car's have never required an over the air update mechanism because their safety systems are designed to work and tested before release. There's no reason to treat car software any differently.
Holding up Musk, maker of the car that accelerates into the concrete lane divider on an off ramp killing it's drivier, as an example of how to make cars safe is ridiculous. A Tesla is a very expensive battery wrapped in a shit car running beta software.
Timely.
"Tesla investigated over 'phantom braking' problem" https://www.bbc.co.uk/news/technology-60432351
"Coming up next on WWTF's Non-Stop Long-drive replays, it's Phantom of the Stopera, followed by Stop! in the Name of Love, Don’t Stop Me Now, Who’ll Stop the Rain, Don’t Stop Believin’, I Can’t Stop Loving You, Can’t Stop This Thing We Started, Can't Stop till you get Enough, You can't Stop the Music, and Stop right now thank you very much "
And then there is this: by 2026, vehicles sold in the US will be required to automatically and silently record various metrics of driver performance, and then make a decision, absent any human oversight, whether the owner will be allowed to use their own vehicle. Even worse, the measure goes on to require that the system be "open" to remote access by "authorized" third parties at any time.
This was in the so far not passed infrastructure bill. One can imagine the ramifications of such a requirement in the future.
"Back to the bad news: the part that apparently needs to be replaced is the ominous-sounding "connectivity master unit," which indicates a whole lot of connectivity will be affected until dealers get the part in stock and start dealing with the backlog of semi-bricked Mazdas."
Ah, yes. Mazda. Hiroshima's revenge.
Just imagine what they could do to us if we ever go to war with them again.
Poe's law?
I hope you aren't seriously trying to imply that this was on purpose somehow.
Re: Poe's law?
I think some people are still very bitter about how the US car industry had its ass handed to it decades ago
That is one reason to have a phone with FM radio in it, and than bluetooth it to the stereo that way. I would never use the radio on modern cars, I would either use FM radio feature on my phone, or listen to the Internet stream.
I'm sorry Dave, it's gif not jif.
Re:
I don't know, that gif has quite a lot of nuts in it..... :P
If you stare hard enough
IO(car)T looks like a racecar facing left.
Modern cars are often hard to repair (i.e. defective) by design.
Perhaps fixing this issue wouldn't be as hard as it is if car manufacturers had designed their cars to be repairable by independent drivers and third-party repair garages. In other words, if car companies had respected the right to repair in the first place, then this Mazda radio fiasco might not have happened in the first place. Granted, Mazda is a Japanese company, so I don't know how exactly the US government should go about passing a law protecting the right to repair.
