Kaspersky Lab researchers have examined the security of 13 car sharing applications from household manufacturers across the globe – including those from Russia, the US, and Europe.

 

The company’s experts discovered that all of the applications contain a number of security issues that can potentially allow criminals to take control of shared vehicles, either by stealth or under the guise of another user.

 

Once access is gained through the app, a criminal can do almost anything – from stealing the vehicle or its details, through to causing damage or using it for malicious purposes.

 

Apps are designed to make our lives easier and transactions more convenient. This concept has been taken one step further, with the advent of ‘sharing’ apps, which make everything from food delivery, through to taxi and car sharing a more cost-effective way of using services.

 

But while car sharing apps are invaluable for those on a low income and remove any overpayment of vehicle ownership or maintenance, they can also add a security risk for manufacturers and users alike.

 

To find out the extent of the problem, Kaspersky Lab researchers tested 13 car sharing applications, developed by major manufacturers from different markets, which – according to Google Play statistics – have been downloaded over 1 million times. The research discovered that each of the examined apps contained several security issues. Moreover, the researchers found that malicious users are already capitalizing on stolen accounts for car sharing applications.

 

The list of security vulnerabilities uncovered includes:

  • No defense against man-in-the-middle attacks. This means that while a user believes he is connected to a legitimate website, the traffic is actually being re-directed through the attacker’s site, allowing him to gather any personal data entered by the victim (login, password, PIN, etc.)
  • No defense against application reverse engineering. As a result, a criminal can understand how the app works and find a vulnerability that would allow him to obtain access to server-side infrastructure.
  • No rooting detection techniques. Root rights provide a malicious user with almost endless capabilities and leave the app defenseless.
  • Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users’ credentials
  • Less than half of applications demand strong passwords from users, meaning criminals can attack the victim through a simple brute force scenario.

 

Upon successful exploitation, an attacker can discreetly gain control of the car and use it for malicious purposes – from riding for free and spying on users, through to stealing the vehicle and its details, and even more serious scenarios like stealing users’ personal data and selling it on the black market for financial gain. This could lead to criminals carrying out illegal and dangerous moves on the roads under the guise of other people’s identities.

 

“Our research concluded that, in their current state, applications for car sharing services are not ready to withstand malware attacks. And while we have not yet detected any cases of sophisticated attacks against car sharing services, cybercriminals understand the value that such apps hold, and existing offers on the black-market point to the fact that vendors do not have much time to remove the vulnerabilities,” said Victor Chebyshev, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise users of car sharing apps to follow these measures in order to protect their cars and private data from possible cyberattacks:

  • Don’t root your Android device, as this will open almost unlimited capabilities to malicious apps
  • Keep the OS version of your device up to date, to reduce vulnerabilities in the software and lower the risk of attack
  • Install a proven security solution, in order to protect your device from cyberattacks.

 

To learn more about the сar sharing threat, please read the blog post available at Securelist.com.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
KINGMAX’s Entry-Level M.2 PCIe SSD PJ3280 Satisfies the Need for Upgrades Where Speed Is of Paramount Importanc
Techworld Date Posted: 30 August 2018 4:56 PM | 209 Views
KINGMAX, a world-renowned professional memory manufacturer, has consummated its product line of M.2 2280 PCIe NVMe solid-state drives (SSDs). See More
 
KINGMAX’s Entry-Level M.2 PCIe SSD PJ3280 Satisfies the Need for Upgrades Where Speed Is of Paramount Importanc
Techworld Date Posted: 4:56 PM | 209 Views
KINGMAX, a world-renowned professional memory manufacturer, has consummated its product line of M.2 2280 PCIe NVMe solid-state drives (SSDs)See More

 
Longer, Expanding, Demanding: Botnet DDoS Attacks Highlighted in Kaspersky Lab Quarterly Report
Techworld Date Posted: 24 August 2017 11:42 AM | 308 Views
The second quarter of 2017 was proof that long-lasting DDoS attacks are back in business. The longest attack in the quarter was active for 277 hours (more than 11 days) - which is a.... See More
 
Longer, Expanding, Demanding: Botnet DDoS Attacks Highlighted in Kaspersky Lab Quarterly Report
Techworld Date Posted: 11:42 AM | 308 Views
The second quarter of 2017 was proof that long-lasting DDoS attacks are back in business. The longest attack in the quarter was active for 277 hours (more than 11 days) - which is a...See More

 
ADATA P10050C Power Bank Wins Golden Pin Design Award 2018
Techworld Date Posted: 20 October 2018 9:16 AM | 160 Views
ADATA Technology, a leading manufacturer of high-performance DRAM modules and NAND Flash products, is proud to announce that its P10050C power bank has won the Golden Pin Design Award 2018. This win for the.... See More
 
ADATA P10050C Power Bank Wins Golden Pin Design Award 2018
Techworld Date Posted: 9:16 AM | 160 Views
ADATA Technology, a leading manufacturer of high-performance DRAM modules and NAND Flash products, is proud to announce that its P10050C power bank has won the Golden Pin Design Award 2018. This win for the...See More

 
Symantec Unveils Industry’s First Neural Network to Protect Critical Infrastructure from Cyber Warfare
Techworld Date Posted: 13 December 2018 11:59 AM | 213 Views
Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, today introduced Industrial Control System Protection (ICSP) Neural, the industry’s first neural network-integrated USB scanning station that helps organizations protect critical infrastructure by preventing.... See More
 
Symantec Unveils Industry’s First Neural Network to Protect Critical Infrastructure from Cyber Warfare
Techworld Date Posted: 11:59 AM | 213 Views
Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, today introduced Industrial Control System Protection (ICSP) Neural, the industry’s first neural network-integrated USB scanning station that helps organizations protect critical infrastructure by preventing...See More

 
GeForce® Gamers Are Game Ready for Final Fantasy XV! PUBG Now even Faster!
Techworld Date Posted: 1 March 2018 2:55 PM | 950 Views
NVIDIA® has released a new Game Ready Driver for Final Fantasy XV Windows Edition. In addition, it provides a performance boost of up to 7% in PlayerUnknown’s Battlegrounds (PUBG), along with being optimised for.... See More
 
GeForce® Gamers Are Game Ready for Final Fantasy XV! PUBG Now even Faster!
Techworld Date Posted: 2:55 PM | 950 Views
NVIDIA® has released a new Game Ready Driver for Final Fantasy XV Windows Edition. In addition, it provides a performance boost of up to 7% in PlayerUnknown’s Battlegrounds (PUBG), along with being optimised for...See More

 
Sprout Solutions Supports Local Startup Community in PH through a Series of Free Learning Sessions
Techworld Date Posted: 16 December 2017 5:16 PM | 394 Views
Sprout Solutions, the fastest-growing Filipino tech startup providing a complete suite of HR software tools specifically made for the Philippine business environment, gives back by supporting the country’s startup community through its series of.... See More
 
Sprout Solutions Supports Local Startup Community in PH through a Series of Free Learning Sessions
Techworld Date Posted: 5:16 PM | 394 Views
Sprout Solutions, the fastest-growing Filipino tech startup providing a complete suite of HR software tools specifically made for the Philippine business environment, gives back by supporting the country’s startup community through its series of...See More

 
Half of Businesses Find It Hard to Identify a Serious Security Breach. Do You?
Techworld Date Posted: 8 November 2017 4:53 PM | 338 Views
Prevention is still the main pillar of corporate cybersecurity, says the report ‘New Threats, New Mindset: Being Risk Ready in a World of Complex Attacks’ from Kaspersky Lab.. See More
 
Half of Businesses Find It Hard to Identify a Serious Security Breach. Do You?
Techworld Date Posted: 4:53 PM | 338 Views
Prevention is still the main pillar of corporate cybersecurity, says the report ‘New Threats, New Mindset: Being Risk Ready in a World of Complex Attacks’ from Kaspersky Lab.See More

 
The Rise of Thingbots in the Philippines
Techworld Date Posted: 26 October 2017 1:06 PM | 509 Views
Thingbots, botnets built exclusively from IoT devices, are set to become the infrastructure for a future darknet. This is one of the key findings of F5 Networks’s latest report,. See More
 
The Rise of Thingbots in the Philippines
Techworld Date Posted: 1:06 PM | 509 Views
Thingbots, botnets built exclusively from IoT devices, are set to become the infrastructure for a future darknet. This is one of the key findings of F5 Networks’s latest report,See More

 
Chafer Cyberespionage Group Targets Embassies with Updated Homebrew Spyware
Techworld Date Posted: 7 February 2019 2:07 PM | 155 Views
Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during.... See More
 
Chafer Cyberespionage Group Targets Embassies with Updated Homebrew Spyware
Techworld Date Posted: 2:07 PM | 155 Views
Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during...See More

 
New Quadro-Powered Mobile Workstations Provide Ultimate Creative Freedom
Techworld Date Posted: 31 January 2017 3:30 AM | 518 Views
NVIDIA® recently announced that DELL™, HPI, Lenovo™, MSI®, and Fujitsu are all introducing advanced mobile workstations. See More
 
New Quadro-Powered Mobile Workstations Provide Ultimate Creative Freedom
Techworld Date Posted: 3:30 AM | 518 Views
NVIDIA® recently announced that DELL™, HPI, Lenovo™, MSI®, and Fujitsu are all introducing advanced mobile workstationsSee More


Power by

Download Free AZ | Free Wordpress Themes