Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
TECHNOLOGY, DISCOVERY & INNOVATION. UPDATED 9 MINUTES AGO.
You are here: Home / Automotive Tech / Kaspersky: Hackers Can Attack Cars
Kaspersky Lab Discovers Security Flaws in Connected Cars
Kaspersky Lab Discovers Security Flaws in Connected Cars
Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
22
2017

In order to examine the security of connected cars, Kaspersky Lab researchers tested seven remote car control applications developed by major car manufacturers. The research discovered that each of the examined apps contained several security vulnerabilities.

This is according to a research report by Kaspersky Lab researchers, which examines the security of applications for the remote control of connected cars from several famous car manufacturers. As a result, the security company's experts discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

Upon successful exploitation, an attacker can gain control over the car, unlock the doors, turn off the security alarm and, theoretically, steal the vehicle, reveals the report.

The list of the security issues discovered includes:

* No defense against application reverse engineering -- as a result, malicious users can understand how the app works and find a vulnerability that would allow them to obtain access to server-side infrastructure or to the car's multimedia system;

* No code integrity check, which is important because it enables criminals to incorporate their own code in the app and replace the original program with a fake one; * No rooting detection techniques. Root rights provide Trojans with almost endless capabilities and leave the app defenseless;

* Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users' credentials;

and * Storage of logins and passwords in plain text. Using this weakness, a criminal can steal users' Relevant Products/Services relatively easily.

"The main conclusion of our research is that, in their current state, applications for connected cars are not ready to withstand malware attacks. Thinking about the security of the connected car, one should not only consider the security of server-side infrastructure. We expect that car manufacturers will have to go down the same road that banks have already gone down with their applications. Initially, apps for online banking did not have all the security features listed in our research. Now, after multiple cases of attacks against banking apps, many banks have improved the security of their products.

"Luckily, we have not yet detected any cases of attacks against car applications, which means that car vendors still have time to do things right. How much time they have exactly is unknown. Modern Trojans are very flexible -- one day they can act like normal adware, and the next day they can easily download a new configuration making it possible to target new apps. The attack surface is really vast here," says Victor Chebyshev, security expert at Kaspersky Lab.

This year the CES 2017 featured a variety of technologies that support the future of autonomous or automated driving, including parking assist, collision avoidance, emergency braking and much more.

The entire convention hall was filled with carmakers showcasing new models, self-driving tech, and wild concepts from BMW, Ford, Hyundai, Toyota, Nissan and more. Ford became the first automaker to bring Amazon Echo into their cars, while BMW, Intel, and Mobileye announced that they will have self-driving cars on the road later this year. Fiat Chrysler announced its first all-electric, self-driving concept car. Google and Fiat Chrysler have partnered to build a new infotainment system on top of Android.

Kaspersky Lab researchers advise users of connected car apps to keep the OS version of their device up to date to reduce vulnerabilities and install a proven security solution in order to protect their device from cyber attacks.

© 2017 ITWeb under contract with NewsEdge/Acquire Media. All rights reserved.
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN AUTOMOTIVE TECH
SCI-TECH TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.