Vehicle control programs face privacy risks

Thank you for reading the news on technology: Kaspersky: Vehicle Control Applications Facts Privacy Risks and now with the details

Cairo – Samia Sayed – Mobile applications for controlling and managing internet-connected vehicles offer several benefits to drivers that are easy, but can also be a source of risk, according to research conducted by Kaspersky experts on 69 popular mobile applications developed by third parties have been developed.

Experts were able to identify the most prominent threats that drivers face while using these applications. For example, they found that 58% of these applications use the access certificates of vehicle owners without asking their permission.

A fifth of these applications also do not contain contact information, which makes it impossible for a user to report a problem with the application. Kaspersky published these and other findings in a report entitled “Applications for Coupled Vehicles”.

Coupled vehicle applications offer a wide range of features to facilitate drivers, enabling users to, for example, remotely control their vehicles to lock or unlock doors, control air conditioning temperature, start and stop the engine, and so on.

Third-party applications designed by mobile application developers are popular among users, although most vehicle manufacturers manufacture their own official applications for the vehicles they make, as those applications may offer unique additional features that the manufacturers do not offer.

The external applications analyzed by Kaspersky cover almost all major vehicle brands, led by Tesla, Nissan, Renault, Ford and Volkswagen, with their vehicles being the vehicles most controlled by these applications. However, these applications are not completely safe to use, Kaspersky researchers confirmed.

The company’s experts examined 69 third-party applications designed for connected vehicles and identified privacy-related risks that drivers may encounter while using these applications. The experts found that more than half of these applications (58%) did not warn about the dangers of using the owner’s account with the vehicle manufacturer.

Some developers recommend using an authorization code instead of a username and password to make their application look more credible. The problem here, however, is that if an authorization code is compromised, hackers can gain access to vehicles in the same way that they can gain access to them using credentials. This means a greater risk of losing vehicle control. Therefore, users should be aware that they will be held accountable and that the use of authorization codes does not guarantee their complete security. But despite this, only 19% of developers called it honest and clearly warned users.

Furthermore, 14% of applications do not have information on how to contact the developer or provide feedback, which makes it impossible to report a problem or request more information about the application’s privacy policy.

The lack of official contact information and social networking pages shows that most of these applications were developed by hobbies. Hobby applications are not necessarily bad, but these developers do not think they need to show the safety of vehicles, users and data security, as manufacturers do.

It should also be noted that 46 of the 69 applications analyzed are either free or offer a trial usage pattern. As a result, such applications have been downloaded more than 239,000 times from the Google Play Store, raising questions about how many people give other people free access to their vehicles.

The benefits of Internet connectivity are endless, says Sergey Zorin, head of transportation security at Kaspersky, but he appealed to users when downloading a third-party application to remotely control their vehicles to be aware of potential threats, and note that the field “is still growing.” And so it poses certain dangers. ” “We find that many users trust connected technologies with their personal data, but they may not realize that some developers are not keen on taking a responsible approach to data collection and storage, leading to the disclosure of their personal information,” He said.

He added, “This data can eventually be sold to malicious actors on the dark web. Cybercriminals can also gain access to and control the vehicle because of this data, which creates threats to the safety of the vehicle and users. That’s why we do calls on application developers to make user protection a priority and to take precautions to prevent the vehicle and users from being exposed. ” their customers and themselves at risk.

Kaspersky experts recommend application developers to take the following measures:

• Adopt development solutions that secure application development by controlling the application at runtime, scanning it for vulnerabilities before deploying, and performing routine security checks on containers and testing of production tools to ensure they are protected from malware. The development process needs improved protection against outside interference, given the increasing frequency of supply chain attacks.

For users, Kaspersky experts recommend the following:

• Download applications only from official stores, such as the App Store, Google Play and Amazon Appstore. Although the applications in these stores are not completely secure, but they are at least subject to investigation by the store administrators, who implement some filtering systems, which means that restrictions are imposed on the applications before they reach these stores.

• Check program permissions and think twice before doing anything, especially when it comes to high-risk permissions such as access to Accessibility Services.

• Adopt a reliable security solution to help detect malicious applications and adware before they start behaving badly.

• Make sure you update your operating system and all software regularly, as many security issues can be resolved by installing updated versions of applications.

Leave a Comment