Kaspersky Labs Reveal Crippling Vulnerabilities in Smart Cars from Android Apps
With numerous entry points, from Bluetooth connectivity to wireless key fobs, keeping smart cars secure is an incredibly difficult task. While automakers can easily monitor and secure their own applications and digital systems, it is impossible for companies to ensure the security of third-party, connected components, like USB dongles and smartphones. This is an issue that Kaspersky Lab, a leading cybersecurity firm based in Woburn, Massachusetts, uncovered in its latest analysis of Android apps, released at the RSA 2017 security conference in San Francisco.
"Applications for connected cars are not ready to withstand malware attacks. We expect that car manufacturers will have to go down the same road that banks have already taken with their applications… After multiple cases of attacks against banking apps, many banks have improved the security of their products," said Victor Chebyshev, a Kaspersky Lab anti-malware researcher.
Reverse Engineering and Code Integrity Checks
Kaspersky Lab experts revealed that several smart car apps lack basic security features, allowing entry-level coders and hackers to manipulate the platforms with minimal effort. For example, the team found that most car apps aren't protected from reverse engineering. To prevent copying or product manipulation, most consumer service apps pack or "scramble" layers of code. Without this precautionary measure, anyone with basic knowledge of source code could scan through the information and exploit flaws in the system. It would also be possible to automate such processes using code auditing programs.
Interestingly, the research group noted that all smart car apps tested during the study were missing a code integrity check. This feature is extremely useful in detecting and tracing digital attacks, as it warns the automaker or creator of the app when the code has been tampered with. In case you were wondering, the types of vehicular apps Kaspersky Lab tested were equipped with core smart car features, such as door unlock and engine start. A successful attack through such apps could easily lead to theft.
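To make the idea of a code integrity check concrete, the sketch below is an added example, not code from Kaspersky Lab's research or from any automaker's app. It compares the SHA-256 digest of every file in an app package against digests recorded at release time and reports what was modified, removed or added. The file names, the sample contents and the trusted digest list are constructed assumptions, and the archive is a stand-in for an APK, which is a ZIP file.

```python
import hashlib
import io
import zipfile


def entry_digests(apk_bytes):
    """Return {entry name: SHA-256 hex digest} for every file in the archive."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {name: hashlib.sha256(apk.read(name)).hexdigest()
                for name in apk.namelist()}


def integrity_report(apk_bytes, trusted):
    """Compare an archive against trusted digests recorded at release time."""
    current = entry_digests(apk_bytes)
    return {
        "modified": sorted(n for n in trusted
                           if n in current and current[n] != trusted[n]),
        "missing": sorted(n for n in trusted if n not in current),
        "added": sorted(n for n in current if n not in trusted),
    }


def is_intact(report):
    """True only when nothing was modified, removed or added."""
    return not any(report.values())


def build_archive(entries):
    """Build a constructed stand-in for an APK from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: not a real app.
RELEASE = {"AndroidManifest.xml": b"<manifest/>",
           "classes.dex": b"original bytecode",
           "res/layout/main.xml": b"<layout/>"}
TRUSTED = entry_digests(build_archive(RELEASE))

# The same package after a repack: one file changed, one file added.
REPACKED = {**RELEASE,
            "classes.dex": b"patched bytecode",
            "assets/extra.bin": b"unexpected file"}

if __name__ == "__main__":
    print(integrity_report(build_archive(RELEASE), TRUSTED))
    print(integrity_report(build_archive(REPACKED), TRUSTED))
```

In a real deployment the trusted digests would have to live somewhere the app's own code cannot rewrite, such as a server that the app reports to, which is how the automaker would receive the tampering warning described above.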
SMS and Voice Commands
What about new smart car features, like SMS controls and voice commands? The cybersecurity firm recommends staying away from such features until they have been properly and thoroughly secured by the automaker. Compared to Android apps, SMS and voice commands, including integration with Microsoft's Cortana and Amazon's Alexa, are known for being incredibly easy to break into.
On a positive note, smart car attacks are very limited in the sense that not much can happen once a hacker is able to compromise the vehicle. Because ADAS is still nascent, the most a criminal could do is break into the car, turn the lights on and off or take down the infotainment system. Lastly, no cases of serious attacks involving smart car applications have been reported. This indicates that automakers still have time to secure their apps.
"How much time they have exactly is unknown. Modern Trojans are very flexible — one day they can act like normal adware, and the next day they can easily download a new configuration, making it possible to target new apps," said the firm.
Michael Cheng is a legal editor and technical writer with publications for Blackberry, ISHN Magazine, Houzz and Payment Week. He specializes in technology business and digesting hard data. Outside of work, Michael likes to train for marathons, spend time with his daughter and explore new places.