Kaspersky Lab researchers have examined the security of 13 car sharing applications from household manufacturers across the globe – including those from Russia, the US, and Europe.

 

The company’s experts discovered that all of the applications contain a number of security issues that can potentially allow criminals to take control of shared vehicles, either by stealth or under the guise of another user.

 

Once access is gained through the app, a criminal can do almost anything – from stealing the vehicle or its details, through to causing damage or using it for malicious purposes.

 

Apps are designed to make our lives easier and transactions more convenient. This concept has been taken one step further, with the advent of ‘sharing’ apps, which make everything from food delivery, through to taxi and car sharing a more cost-effective way of using services.

 

But while car sharing apps are invaluable for those on a low income and remove any overpayment of vehicle ownership or maintenance, they can also add a security risk for manufacturers and users alike.

 

To find out the extent of the problem, Kaspersky Lab researchers tested 13 car sharing applications, developed by major manufacturers from different markets, which – according to Google Play statistics – have been downloaded over 1 million times. The research discovered that each of the examined apps contained several security issues. Moreover, the researchers found that malicious users are already capitalizing on stolen accounts for car sharing applications.

 

The list of security vulnerabilities uncovered includes:

  • No defense against man-in-the-middle attacks. This means that while a user believes he is connected to a legitimate website, the traffic is actually being re-directed through the attacker’s site, allowing him to gather any personal data entered by the victim (login, password, PIN, etc.)
  • No defense against application reverse engineering. As a result, a criminal can understand how the app works and find a vulnerability that would allow him to obtain access to server-side infrastructure.
  • No rooting detection techniques. Root rights provide a malicious user with almost endless capabilities and leave the app defenseless.
  • Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users’ credentials
  • Less than half of applications demand strong passwords from users, meaning criminals can attack the victim through a simple brute force scenario.

 

Upon successful exploitation, an attacker can discreetly gain control of the car and use it for malicious purposes – from riding for free and spying on users, through to stealing the vehicle and its details, and even more serious scenarios like stealing users’ personal data and selling it on the black market for financial gain. This could lead to criminals carrying out illegal and dangerous moves on the roads under the guise of other people’s identities.

 

“Our research concluded that, in their current state, applications for car sharing services are not ready to withstand malware attacks. And while we have not yet detected any cases of sophisticated attacks against car sharing services, cybercriminals understand the value that such apps hold, and existing offers on the black-market point to the fact that vendors do not have much time to remove the vulnerabilities,” said Victor Chebyshev, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise users of car sharing apps to follow these measures in order to protect their cars and private data from possible cyberattacks:

  • Don’t root your Android device, as this will open almost unlimited capabilities to malicious apps
  • Keep the OS version of your device up to date, to reduce vulnerabilities in the software and lower the risk of attack
  • Install a proven security solution, in order to protect your device from cyberattacks.

 

To learn more about the сar sharing threat, please read the blog post available at Securelist.com.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
Online Dating: All You Need to Bag Yourself a Business Owner or Some Company Secrets
Techworld Date Posted: 28 November 2017 9:52 AM | 254 Views
The saying goes ‘don’t mix business with pleasure’, but research from Kaspersky Lab reveals business owners and employees could be unwittingly putting their companies at risk,. See More
 
Online Dating: All You Need to Bag Yourself a Business Owner or Some Company Secrets
Techworld Date Posted: 9:52 AM | 254 Views
The saying goes ‘don’t mix business with pleasure’, but research from Kaspersky Lab reveals business owners and employees could be unwittingly putting their companies at risk,See More

 
Team Group Leads Industry with MoStash Reader for iOS and the WC0C Charging Cable with 3-in-1 Connector
Techworld Date Posted: 8 September 2017 1:29 PM | 258 Views
September 7th, 2017, Taipei, Taiwan - Team Group is continuously dedicated to satisfying the needs of our consumers in every aspect so today Team Group announces the latest mobile peripherals with rich features with.... See More
 
Team Group Leads Industry with MoStash Reader for iOS and the WC0C Charging Cable with 3-in-1 Connector
Techworld Date Posted: 1:29 PM | 258 Views
September 7th, 2017, Taipei, Taiwan - Team Group is continuously dedicated to satisfying the needs of our consumers in every aspect so today Team Group announces the latest mobile peripherals with rich features with...See More

 
Mine a Million Kaspersky Lab Identifies Sophisticated Hacker Group Earning Millions through Mining Malware
Techworld Date Posted: 5 March 2018 4:48 PM | 272 Views
According to Kaspersky Lab researchers, cybercriminals have started using sophisticated infection methods and techniques borrowed from targeted attacks in order to install mining software on attacked PCs within organizations.. See More
 
Mine a Million Kaspersky Lab Identifies Sophisticated Hacker Group Earning Millions through Mining Malware
Techworld Date Posted: 4:48 PM | 272 Views
According to Kaspersky Lab researchers, cybercriminals have started using sophisticated infection methods and techniques borrowed from targeted attacks in order to install mining software on attacked PCs within organizations.See More

 
One Year On: Filipino Social Enterprises Better Equipped to Improve Quality of Education Following Completion of SAP Social Sabbatical Program
Techworld Date Posted: 14 July 2017 2:22 PM | 302 Views
Following the completion of SAP Social Sabbatical Program in the Philippines last year, two participating social enterprises, Teach for the Philippines and Silid Aralan (SAI), reported that their organizations are better able to fulfill.... See More
 
One Year On: Filipino Social Enterprises Better Equipped to Improve Quality of Education Following Completion of SAP Social Sabbatical Program
Techworld Date Posted: 2:22 PM | 302 Views
Following the completion of SAP Social Sabbatical Program in the Philippines last year, two participating social enterprises, Teach for the Philippines and Silid Aralan (SAI), reported that their organizations are better able to fulfill...See More

 
Dreaming of #FindingParadise this summer? Power Mac Center gives you a chance to win a trip to El Nido!
Techworld Date Posted: 5 May 2018 3:55 PM | 301 Views
Summer days are made for adventure and fun and luckily for us, the Philippines has no shortage of beautiful places to discover. This summer, Power Mac Center (PMC) is giving you a chance to.... See More
 
Dreaming of #FindingParadise this summer? Power Mac Center gives you a chance to win a trip to El Nido!
Techworld Date Posted: 3:55 PM | 301 Views
Summer days are made for adventure and fun and luckily for us, the Philippines has no shortage of beautiful places to discover. This summer, Power Mac Center (PMC) is giving you a chance to...See More

 
Mobile Malware Attacks Double in 2018, as Cybercriminals Sharpen Their Distribution Strategies
Techworld Date Posted: 8 March 2019 1:48 PM | 80 Views
Kaspersky Lab researchers have seen the number of attacks using malicious mobile software nearly double in just a year. In 2018, there were 116.5 million attacks compared to 66.4 million in 2017, with a.... See More
 
Mobile Malware Attacks Double in 2018, as Cybercriminals Sharpen Their Distribution Strategies
Techworld Date Posted: 1:48 PM | 80 Views
Kaspersky Lab researchers have seen the number of attacks using malicious mobile software nearly double in just a year. In 2018, there were 116.5 million attacks compared to 66.4 million in 2017, with a...See More

 
Five Videos to Make the Most of Video Every Day Promo this Holiday Season
Techworld Date Posted: 10 December 2018 4:36 PM | 150 Views
This Christmas season, you can make the rush hour traffic or the long lines at the mall just a little bit more bearable with Smart’s Video Every Day, which lets you enjoy up to.... See More
 
Five Videos to Make the Most of Video Every Day Promo this Holiday Season
Techworld Date Posted: 4:36 PM | 150 Views
This Christmas season, you can make the rush hour traffic or the long lines at the mall just a little bit more bearable with Smart’s Video Every Day, which lets you enjoy up to...See More

 
Lian Li Readies CES 2019 Showcase Featuring New Products and Collaborations
Techworld Date Posted: 9 January 2019 12:44 PM | 269 Views
Lian Li Industrial Co. Ltd., the world’s leading manufacturer of aluminum chassis for gaming enthusiasts, custom OEM/ODM case solutions and case accessories, is thrilled to invite everyone to the Consumers Electronics Show (CES) 2019. See More
 
Lian Li Readies CES 2019 Showcase Featuring New Products and Collaborations
Techworld Date Posted: 12:44 PM | 269 Views
Lian Li Industrial Co. Ltd., the world’s leading manufacturer of aluminum chassis for gaming enthusiasts, custom OEM/ODM case solutions and case accessories, is thrilled to invite everyone to the Consumers Electronics Show (CES) 2019See More

 
Data for Nothing: Fraudsters Use Fake Gift Cards to Lure Consumers into Handing Over Personal Data
Techworld Date Posted: 23 July 2018 2:37 PM | 434 Views
Kaspersky Lab experts have discovered the distribution of an unusual fraudulent scheme that tricks users into parting with their time and their data, for no return.. See More
 
Data for Nothing: Fraudsters Use Fake Gift Cards to Lure Consumers into Handing Over Personal Data
Techworld Date Posted: 2:37 PM | 434 Views
Kaspersky Lab experts have discovered the distribution of an unusual fraudulent scheme that tricks users into parting with their time and their data, for no return.See More

 
Kaspersky Lab Boosts Bug Bounty Program with New Reward of $100,000 – in Frame of its Global Transparency Initiative
Techworld Date Posted: 12 March 2018 10:41 AM | 710 Views
As part of its Global Transparency Initiative, Kaspersky Lab is extending its successful bug bounty program to include rewards of up to $100,000 for the discovery and responsible disclosure of severe vulnerabilities in some.... See More
 
Kaspersky Lab Boosts Bug Bounty Program with New Reward of $100,000 – in Frame of its Global Transparency Initiative
Techworld Date Posted: 10:41 AM | 710 Views
As part of its Global Transparency Initiative, Kaspersky Lab is extending its successful bug bounty program to include rewards of up to $100,000 for the discovery and responsible disclosure of severe vulnerabilities in some...See More


Power by

Download Free AZ | Free Wordpress Themes