Cars aren’t as simple as they used to be, particularly regarding the technology that’s inside them. Nowadays, you’d be hard-pressed to find a new vehicle that isn’t vulnerable in some way to threats like malware or cyber attacks. The researchers at Kaspersky have proven that many apps that are connected to smart cars aren’t as secure as drivers expect them to be.
A pair of researchers have found that nine of the most popular car-connected apps have lacklustre security features that keep them from protecting the drivers as best they can. The reason is simply because the apps store the usernames and passwords on the phones connected to the vehicles… without encryption. Considering how it’s a relatively simple feat for a hacker to root a smartphone, the hacker could easily gain access to the victim’s vehicle. In a worst-case scenario, a hacker could use fraudulent versions of these apps to tether the phone to a car and steal the user’s credentials, or use an overlay attack to accomplish virtually the same thing.
These types of attacks are nothing new, but they are concerning--especially since they could eventually turn into the beginnings of an epidemic, one which sweeps across roadways and threatens anyone who dares to set foot in a computerised vehicle.
Hackers that lurk online, hoping to find the latest threats and security troubles to take advantage of, have also shown interest in these exploits. Researchers have found posts that advertise the sale of these car app credentials, including PINs and VINs for various vehicles from all sorts of different manufacturers. When looking at these vulnerabilities, it has become clear that vehicle manufacturers have failed to adapt to the improvements (and failures) of vehicular technology security. While the connectivity is a great way to sell a car, you’d be hard-pressed to find a salesman who will admit that the vehicle you’re interested in could be vulnerable to hackers.
Therefore, the automotive industry will be left with an ultimatum: either step up and make vehicles more secure from online threats, or face the frustration of dealing with angry customers, eventually eroding their will enough to forcefully bring change to the manufacturing process.
What are your thoughts on owning a smart car? Do you think it’s worth the extra worry that comes from owning yet another device that needs protecting, or do you think that it’s worth the risk for the extra convenience? Let us know in the comments, and be sure to subscribe to our blog for more articles about technology and security.