Connected cars have security issues: Kaspersky Kaspersky Lab researchers have examined the security of applications for the remote control of cars from several famous car manufacturers
During the last few years, cars have started actively connecting to the Internet Connectivity includes not only their infotainment systems but also critical vehicle systems, such as door locks and ignition, which are now accessible online. With the help of mobile applications, it is now possible to obtain the location coordinates of the vehicle as well as its route, and to open doors, start the engine and control additional in-car devices. On the one hand, these are extremely useful functions. On the other hand, how do manufacturers secure these apps from the risk of cyber attacks?
Kaspersky Lab researchers have examined the security of applications for the remote control of cars from several famous car manufacturers. As a result, the company’s experts have discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.
The list of the security issues discovered by Kaspersky Lab includes:
No defence against application reverse engineering. As a result, malicious users can understand how the app works and find a vulnerability that would allow them to obtain access to server-side infrastructure or to the car’s multimedia system
No code integrity check, which is important because it enables criminals to incorporate their own code in the app and replace the original program with a fake one
No rooting detection techniques. Root rights provide Trojans with almost endless capabilities and leave the app defenceless
Upon successful exploitation, an attacker can gain control over the car, unlock the doors, turn off the security alarm and, theoretically, steal the vehicle.
Kaspersky Lab researchers advise users of connected car apps to follow these measures in order to protect their cars and private data from possible cyber attacks:
Don’t root your Android device as this will open almost unlimited capabilities to malicious apps
Disable the ability to install applications from sources other than official app stores
Keep the OS version of your device up to date in order to reduce vulnerabilities in the software and lower the risk of attack
Install a proven security solution in order to protect your device from cyber attacks.