Connected car mobile applications offer several features to make life easier for motorists but can also be a source of risk, Kaspersky said.
Kaspersky experts have analyzed 69 popular third-party mobile applications designed to drive connected cars and defined the main threats drivers may face while using them. They found that more than half (58%) of these applications use the vehicle owners’ credentials without asking their permission. In addition, one in five applications has no contact information, making it impossible to report a problem. These and other findings are published in the new Kaspersky Connected Apps report.
Connected automotive applications offer many features to make drivers’ lives easier. For example, they allow users to remotely control their vehicles by locking or unlocking the doors, adjusting the climate control, starting and stopping the engine, etc. At the same time, most automakers have legitimate applications for the cars they manufacture. Third-party apps designed by mobile developers are also very popular among users as they can offer unique features that the car manufacturer has not yet introduced.
The third-party applications analyzed by Kaspersky cover almost all major car brands, with Tesla, Nissan, Renault, Ford, and Volkswagen among the top 5 cars most often managed by such apps. However, these programs are not completely safe to use, Kaspersky researchers claim.
The company’s experts examined 69 third-party applications designed for connected cars and identified the top privacy risks drivers could face when using them. They found that more than half (58%) of applications fail to warn about the risks of using the original automaker’s owner account.
Some developers recommend using an authorization token instead of a username and password to look more credible. The catch is that if a token is compromised, attackers can access the car just as they would with the victim's credentials. This means that the risk of losing control of the vehicle is still high. Users should be aware that they use these apps at their own risk, and that using authorization tokens does not guarantee total security. Despite this, only 19% of developers mention this and warn the user without hiding it in several layers of fine print.
In addition, every seventh (14%) application has no information about contacting the developer or providing feedback, making it impossible to report a problem or request more information about the app’s privacy policy. The absence of official contact details and social networking pages makes it clear that most of these apps are developed by enthusiasts, which isn’t necessarily bad. Still, developers, like regulated car manufacturers, worry about your vehicle’s safety and data security.
It is also worth noting that 46 of the 69 applications are free or offer a demo mode. This has contributed to such applications being downloaded more than 239,000 times from the Google Play Store, which makes you wonder how many people give strangers access to their cars for free.
“The benefits of a connected world are countless. However, it is important to note that this is still an evolving industry, which carries certain risks,” said Sergey Zorin, Kaspersky’s head of transportation security.
“When downloading a third-party application to control your car remotely, users should be aware of possible threats. We entrust a lot of private information and personal data to connected technology. Unfortunately, not all developers are responsible for data storage and collection, through which users disclose their personal information.
“This data can be sold further on the dark web and end up in untrustworthy hands. In addition, cybercriminals can steal your data and personal login details and gain access to your vehicle – which can lead to physical threats,” he says.
“For these reasons, we urge application developers to prioritize user protection and take precautions to avoid putting their customers and themselves at risk.”