Are you driven to secure your car from any digital danger?
DUBAI — It’s a terrifying thought that somewhere a hacker has the tools to gain control over your car, unlock the doors, turn off the security alarm, and steal the vehicle.
Vehicle owners who have opted to purchase a connected car do so because they want a digital experience similar to the one they get from their smartphones. As a result, cars have started actively connecting to the Internet over the past few years.
This connectivity includes not only their infotainment systems, but also critical vehicle systems such as door locks and ignition, which are now accessible online. With the help of mobile applications, it is now possible to obtain the location coordinates of the vehicle as well as its route, and to open doors, start the engine and control additional in-car devices.
Kaspersky researchers examining the security of these applications have discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage to connected car owners.
“The main conclusion of our research is that, in their current state, applications for connected cars are not ready to withstand malware attacks. Thinking about the security of the connected car, one should not only consider the security of server-side infrastructure,” Kaspersky security expert Victor Chebyshev said.
Chebyshev expects car manufacturers to go down the same road that banks have already gone down with their applications. Initially, apps for online banking did not have a lot of comprehensive security features but, after multiple cases of attacks against banking apps, many banks have improved the security of their products. “Luckily, we have not yet detected any cases of attacks against car applications, which means that car vendors still have time to do things right. How much time they have exactly is unknown,” Chebyshev noted.
Recent research has found that the global connected car market is anticipated to cross the $155 billion mark by 2022. A report by BI Intelligence in 2015 predicted that the connected car market is growing at a five-year compound annual growth rate of 45 per cent — 10 times as fast as the overall car market.
Kaspersky Lab researchers have tested seven remote car control applications developed by major car manufacturers. According to Google Play statistics, these applications have been downloaded tens of thousands, and in some cases up to five million, times. The research discovered that each of the examined apps contained several security issues, such as the storage of logins and passwords in plain text, which allows criminals to steal user data relatively easily.
The list of security issues discovered also includes no defence against application reverse engineering; no code integrity check, which matters because its absence enables criminals to incorporate their own code in the app and replace the original program with a fake one; no rooting detection techniques; and a lack of protection against app overlaying techniques, which lets malicious apps show phishing windows and steal users’ credentials.