Cars are getting smarter and more connected, which means that people have to rely on apps. Apps help cars and their owner stay connected and use a plethora of features. However, security experts believe that these apps bring their fair share of risks. Security experts at Kaspersky experts analysed 69 popular third-party mobile applications designed to control connected cars and defined the main threats drivers may face while using them.
What are the risks associated with these apps?
According to Kaspersky, more than half (58%) of these applications use the vehicle owners’ credentials without asking for their consent. On top of this, one in five of the applications have no contact information, which makes it impossible to report a problem. While these apps to make Connected automotive applications provide a wide range of functions to make drivers’ lives easier. Some developers advise using the authorisation token instead of a username and password to look more credible. “The tricky part here is that, if a token is compromised, malefactors can get access to the cars the same way they would by using victims’ credentials,” noted Kaspersky in a report.
This means that the risk of losing control over the vehicles is still high. Users should be aware that everything is at their own risk and using authorisation tokens does not ensure total safety. Despite this, only 19% of developers mention this and warn the user without hiding it in several layers of fine print.
The third-party applications analysed by Kaspersky cover brands like Tesla, Nissan, Renault, Ford and Volkswagen in the top-5 cars most often controlled by such apps. However, these applications are not entirely safe to use, claim Kaspersky researchers.
46 of the 69 applications are either free of charge or offer a demo mode. “This has contributed to such applications being downloaded from the Google Play Store more than 239,000 times, which makes you wonder how many people are giving strangers free access to their cars,” pointed out Kaspersky in a report.