During the last few years, cars have started actively connecting to the Internet.
Connectivity includes not only their infotainment systems but also critical vehicle systems, such as door locks and ignition, which are now accessible online. Thanks to apps, owners can easily control their vehicles at the touch of a button. Sure, it’s convenient, but how confident can we be that no one else is snooping on the connection and using it to break into the car?
In order to find this out, Kaspersky Lab researchers have tested seven remote car control applications that have been downloaded by millions of users. The research discovered that each of the examined apps contained several security issues. These issues can potentially allow criminals to cause significant damage to connected car owners.
The list of the security issues discovered includes:
- No defense against application reverse engineering. As a result, malicious users can understand how the app works and find a vulnerability that would allow them to obtain access to server-side infrastructure or to the car’s multimedia system.
- No code integrity check, which is important because its absence enables criminals to incorporate their own code in the app and replace the original program with a fake one.
- No rooting detection techniques. Root rights provide Trojans with almost endless capabilities and leave the app defenseless
- Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users’ credentials
- Storage of logins and passwords in plain text. Using this weakness, a criminal can steal users’ data relatively easily.
Among the most serious consequences, an attacker can gain control over the car and steal the target vehicle. They can also unlock the doors and turn off the security alarm.
Kaspersky Lab researchers advise users of connected car apps to follow these measures in order to protect their cars and private data from possible cyberattacks:
- Don’t root your Android device, as this will open almost unlimited capabilities to malicious apps.
- Disable the ability to install applications from sources other than official app stores.
- Keep the OS version of your device up to date in order to reduce vulnerabilities in the software and lower the risk of attack.
- Install a proven security solution in order to protect your device from cyberattacks.