As cars become more technologically advanced and reliant on computers, they become more likely targets for malware and cyber attacks. However, as researchers from Kaspersky have uncovered in an investigation into an assortment of connected-car mobile apps, car manufacturers may not be as committed to ensuring the security of their vehicles as drivers may want.
Two researchers from the security firm discovered that nine popular car-connected applications did not have sufficient security measures in place to defend the vehicle’s computer-controlled features. All but one app stored the username and/or password on the phone itself without any encryption to protect it. If these phones were to be rooted by a hacker, that hacker would then have access to their victim’s car. Otherwise, the hackers could disperse fraudulent versions of the apps that connect the phone to the car, and steal a user’s credentials that way, or even just utilize an overlay attack to effectively do the same thing.
While these kinds of security issues are not a new phenomenon, the researchers argue that we are still in the beginning stages of a potential outbreak of cybercrime creeping onto our roadways.
Hacker forums seem to be quietly interested as well, as the researchers did find a few posts offering the sale of car app credentials, along with PINs and VINs for numerous cars from assorted manufacturers. Speaking of the manufacturers, it became more and more clear that as they developed these technologies, they failed to keep the big picture in mind and focused more on providing a cool new selling point than they did on ensuring that their customers’ investments (and lives) were protected.
There are a few scenarios that may result: either the automotive manufacturing industry shapes up and provides a product that protects drivers from those trying to exploit their vehicles for their own gain, or they continue to produce vehicles with insufficient defenses until consumer backlash is enough to convince them of the need for change.
So what do you think? Is the convenience of having a car with all the abilities full connectivity provides a big enough benefit to risk it for you? Or would you rather wait until you knew your car would be safe before you buckled in? Let us know in the comments!