Researchers at the Kaspersky Lab have been conducting a series of tests on seven products of major auto manufacturers. Their focus was on the applications the connected cars use to enable drivers to preserve their connectivity to the online world while traveling. They usually can offer certain entertaining and useful features such as audio playing, navigation, voice commands, car diagnosis, parking apps, and others. While these services were created for a more intuitive driving experience of the car owners, they are also showing a weak defense against cyber attacks.
The Kaspersky Lab has just released a new report according to which researchers came upon several weak points across the digital security of seven connected cars. Such a vehicle is updated with Internet access and a wireless network. As a consequence, drivers can still enjoy the services of the online world that they are accustomed to in their daily life.
Beside guidance, entertainment, and information, car owners can also take advantage of the latest technology to control their property from afar. Thus, by installing an application on their smartphones, they can perform different actions such as unlocking their cars, checking the battery status of their electric vehicles, finding their cars, or activating the climate control system.
However, these benefits can turn against them. Kaspersky researchers discovered several glitches in connected cars that cyber attackers can take advantage of. First of all, they figured out that such vehicles have no protection against application reverse engineering. Thus, hackers can gain access to the infrastructure of the server or the multimedia system. Moreover, the applications have no code for an integrity check. This means that hackers can replace the code with one of their own. The result would leave car owners with no original programs, but with fake ones.
Another set of security weaknesses can also allow Trojan viruses to penetrate the system and attack all apps at the same time. Another way hackers can easily gain access to a driver’s system is by phishing techniques. Due to a lack of protection, malicious users can deploy overlaying techniques in the form of familiar windows and steal their credentials. Finally, the list of credentials is displayed in plain text. This can end up serving a criminal the user’s data with no protective layers to stop them.
Image source: 1