
Vehicle-controlling Android apps are not secure


February 20, 2017

Android apps that control vehicles are insecure and create a heightened risk of car theft, security researchers at Kaspersky Lab have asserted.

The researchers at the security software maker issued the warning after putting Android apps from seven unnamed car makers through their paces, uncovering a whole slew of basic security bugs in the process.

In recent years, cars have started actively connecting to the internet. Connectivity includes not only their infotainment systems but also critical vehicle systems, such as door locks and ignition, which are now accessible online.

The security problems discovered by Kaspersky Lab's researchers include:

  • No defence against application reverse-engineering.
  • No code integrity check. This is critical, since it enables criminals to incorporate their own code in the app and replace the original program with a fake one.
  • No rooting detection techniques. Root rights provide Trojans with almost endless capabilities and leave the app totally defenceless.
  • Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users’ credentials.
  • Storage of logins and passwords in plain text.

Upon successful exploitation, an attacker could gain control over the vehicle, unlock its doors, turn off the security alarm and, in a worst-case scenario, steal the vehicle.

In each case, the attack vector would require some additional preparation, such as luring owners of the applications into installing specially crafted malicious apps that would then root the device and gain access to the vehicle application.

"The main conclusion of our research is that, in their current state, applications for connected cars are not ready to withstand malware attacks," said Victor Chebyshev, security expert at Kaspersky Lab.

"Thinking about the security of the connected vehicle, one should not only consider the security of server-side infrastructure," Kaspersky Lab added.

"We expect that car makers will have to go down the same road that banks have already gone down with their various applications. Initially, apps for online banking did not have all the security features listed in our research. Now, after multiple cases of attacks against banking apps, many banks have improved the security of their products. Luckily, we have not yet detected any cases of attacks against car applications, which means that manufacturers still have time to do things right," he asserted.

The security of the car apps compared unfavourably with that of banking apps, according to third-party experts.

Mike Ahmadi, global director of critical systems security at Synopsys, commented: "Banks are indeed more mature in their general approach to internet security, including the hundreds and often thousands of applications they must interface with on a daily basis. They have already faced the issue of being a target for a much longer time than the automotive community has, and they take a very proactive approach in addressing ongoing security issues."

"Overall, the automotive industry is still relatively new to both application management and security issues, and is probably working with some diligence to address the various problems as they arise. While the banking industry may be better prepared to address security issues, the automotive industry continues to learn how to manage the many security challenges it faces as their connected vehicles continue to proliferate," he asserted.

More details on the research can be found in a post on Kaspersky Lab's Securelist blog. We'll keep you in the loop.

Source: Kaspersky Lab.
