New Research Finds Security Loopholes In Many Popular Android Apps For Connected Cars

New Research Finds Security Loopholes In Many Popular Android Apps For Connected Cars

According to a new research from Kaspersky Lab, many Android apps for connected cars have been found to be vulnerable against potential malware attacks. In a research carried out by Kaspersky’s two anti-malware researchers Victor Chebyshev and Mikhail Kuzin, it was discovered that some of the most popular Android applications for connected cars were not secured against potential attacks which, in turn, could give attackers limited but unauthorized access to the victim’s car.

Mr. Chrbyshev and Kuzin conducted research on seven popular Android applications for cars. The research was presented at the RSA Conference in San Fransisco this week. The names of these apps were not revealed by the researchers, given that it may negatively affect the reputation of these applications.

Researchers found that out of seven applications, two apps were simply not using encryption for storing sensitive data such as logins and passwords, while all of the seven apps discovered not using any integrity check or overlaying detection techniques. The researchers also discovered that all of the seven applications were not using any techniques to make it harder for attackers to reverse-engineer the application.

According to researchers, using these vulnerabilities in the app, attackers may remotely unlock the door or even steal a car “without breaking or drilling anything.” If you want to dig deeper, the full research report explaining each of the vulnerabilities in the applications is available here.

Given the ever increasing growth of connected cars and IoT devices, the research raises many questions over the security of connected devices and their accompanying applications, which often gets overlooked by the developers. Hopefully the developers behind the apps update their apps as soon as possible to prevent any potential attack in a relatively young platform.

Source: Ars Technica

Discuss This Story

You might also like