The dangers of using third party apps in the vehicle. photo Kaspersky
Automotive apps allow drivers remotely control your vehicles and lock or unlock the doors, adjust the climate control, start and stop the engine and even adjust the heating level.
And while most of the drivers are compliant official applications that come from the factorythe popularity of third-party apps poses a growing danger.
Unlike the original software, the unofficial ones offer unique features and permissions which have not yet been introduced by the vehicle manufacturer and this makes them tempting.
The Kaspersky company analyzed apps from Tesla, Nissan, Renault, Ford and Volkswagen, which are the five remotely controllable car brands. However, its use is also not entirely safe, the researchers argue.
Vehicles can be controlled via a manufacturer app,
Company experts examined 69 third-party apps designed for connected cars and identified several risks that primarily impact privacy.
They found that more than half (58%) of the apps do not warn of the risks of spoofing the original carmaker’s service account.
“When they download a third-party app to remotely control their car, users need to be aware of the threats. We entrust a lot of private information to connected technology. Not all developers take a responsible approach and data collection often exposes private information, ”says Sergey Zorin, Director of Kaspersky.
Include a token, the key to protecting yourself
The ideal is to insert a token. (Volvo via AP)
The indicated is call an authorization token instead of username and password to appear more credible. The tricky part here is that if a token is tainted, criminals can access the cars the same way they would using victims’ credentials.
This means that the risk of losing control of the vehicle remains high, as the authorization token does not guarantee complete security.
Despite this, only 19% of developers of these apps mention it and warn the user without hiding it in several layers of small fonts.
In addition, one in seven app (14%) does not provide information on how to contact the app owner, making it impossible to report a problem or request information on the privacy policy.
The absence of details makes it clear that most are written by independent developers, which isn’t necessarily a bad thing.
However, they don’t have to worry about the safety of the user’s vehicle and data, as regulated vehicle manufacturers do.
It’s also worth noting that 46 of the 69 apps are free or offer a trial mode. This has contributed to the download of these types of applications from the Google Play Store more than 239,000 times, which makes one wonder how many people are giving free access to their car to strangers.
“The danger is that cybercriminals not only steal personal data and credentials, but also gain access to the vehicle, which could lead to physical threats,” says Zorin.
SL
Source: Clarin
