Kaspersky Lab researchers have examined the security of 13 car sharing applications from household manufacturers across the globe – including those from Russia, the US, and Europe.

 

The company’s experts discovered that all of the applications contain a number of security issues that can potentially allow criminals to take control of shared vehicles, either by stealth or under the guise of another user.

 

Once access is gained through the app, a criminal can do almost anything – from stealing the vehicle or its details, through to causing damage or using it for malicious purposes.

 

Apps are designed to make our lives easier and transactions more convenient. This concept has been taken one step further, with the advent of ‘sharing’ apps, which make everything from food delivery, through to taxi and car sharing a more cost-effective way of using services.

 

But while car sharing apps are invaluable for those on a low income and remove any overpayment of vehicle ownership or maintenance, they can also add a security risk for manufacturers and users alike.

 

To find out the extent of the problem, Kaspersky Lab researchers tested 13 car sharing applications, developed by major manufacturers from different markets, which – according to Google Play statistics – have been downloaded over 1 million times. The research discovered that each of the examined apps contained several security issues. Moreover, the researchers found that malicious users are already capitalizing on stolen accounts for car sharing applications.

 

The list of security vulnerabilities uncovered includes:

  • No defense against man-in-the-middle attacks. This means that while a user believes he is connected to a legitimate website, the traffic is actually being re-directed through the attacker’s site, allowing him to gather any personal data entered by the victim (login, password, PIN, etc.)
  • No defense against application reverse engineering. As a result, a criminal can understand how the app works and find a vulnerability that would allow him to obtain access to server-side infrastructure.
  • No rooting detection techniques. Root rights provide a malicious user with almost endless capabilities and leave the app defenseless.
  • Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users’ credentials
  • Less than half of applications demand strong passwords from users, meaning criminals can attack the victim through a simple brute force scenario.

 

Upon successful exploitation, an attacker can discreetly gain control of the car and use it for malicious purposes – from riding for free and spying on users, through to stealing the vehicle and its details, and even more serious scenarios like stealing users’ personal data and selling it on the black market for financial gain. This could lead to criminals carrying out illegal and dangerous moves on the roads under the guise of other people’s identities.

 

“Our research concluded that, in their current state, applications for car sharing services are not ready to withstand malware attacks. And while we have not yet detected any cases of sophisticated attacks against car sharing services, cybercriminals understand the value that such apps hold, and existing offers on the black-market point to the fact that vendors do not have much time to remove the vulnerabilities,” said Victor Chebyshev, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise users of car sharing apps to follow these measures in order to protect their cars and private data from possible cyberattacks:

  • Don’t root your Android device, as this will open almost unlimited capabilities to malicious apps
  • Keep the OS version of your device up to date, to reduce vulnerabilities in the software and lower the risk of attack
  • Install a proven security solution, in order to protect your device from cyberattacks.

 

To learn more about the сar sharing threat, please read the blog post available at Securelist.com.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
Kaspersky Lab Bags Two Wins At Networks Asia Information Management Awards 2018
Techworld Date Posted: 11 June 2018 4:19 PM | 445 Views
(From left) Jesmond Chang, Head of Corporate Communications for Kaspersky Lab APAC, receives the award from Nikolay Novozhilov, Head of Digital Products at NTUC Link   Kaspersky Lab announced its win of two cybersecurity.... See More
 
Kaspersky Lab Bags Two Wins At Networks Asia Information Management Awards 2018
Techworld Date Posted: 4:19 PM | 445 Views
(From left) Jesmond Chang, Head of Corporate Communications for Kaspersky Lab APAC, receives the award from Nikolay Novozhilov, Head of Digital Products at NTUC Link   Kaspersky Lab announced its win of two cybersecurity...See More

PCBG Contributing Writer
Machine Learning AI vs Employee Vigilance
Techworld • By: PCBG Contributing Writer | Date Posted: 1 August 2017 9:43 AM | 458 Views
Here we are again. Man versus machine. On one corner, we have the machine capable of reading huge amounts of data in so little time, and on the other, an employee who knows nothing.... See More
PCBG Contributing Writer
Machine Learning AI vs Employee Vigilance
Techworld • By: PCBG Contributing Writer | Date Posted: 9:43 AM | 458 Views
Here we are again. Man versus machine. On one corner, we have the machine capable of reading huge amounts of data in so little time, and on the other, an employee who knows nothing...See More

 
Kris Aquino, Bimby Give Three-Part Exclusive Tour of PLDT Home Fibr-Powered Home
Techworld Date Posted: 3 January 2018 2:26 PM | 260 Views
PLDT Home Ambassador and Queen of all Media Kris Aquino gave her viewers a treat this Christmas season through an exclusive corner-to-corner tour of her new, PLDT Home Fibr-powered home in Quezon City.. See More
 
Kris Aquino, Bimby Give Three-Part Exclusive Tour of PLDT Home Fibr-Powered Home
Techworld Date Posted: 2:26 PM | 260 Views
PLDT Home Ambassador and Queen of all Media Kris Aquino gave her viewers a treat this Christmas season through an exclusive corner-to-corner tour of her new, PLDT Home Fibr-powered home in Quezon City.See More

 
Streaming Movie Baywatch (2017)
Techworld Date Posted: 16 September 2017 9:37 AM | 203 Views
Fast-paced, on-the-go, and with a crucial priority for high-speed connectivity, the world today has increasingly higher and higher demands for the best Internet performance-and your Small Office/Home Office (SOHO) environment is no exception. Powered.... See More
 
Streaming Movie Baywatch (2017)
Techworld Date Posted: 9:37 AM | 203 Views
Fast-paced, on-the-go, and with a crucial priority for high-speed connectivity, the world today has increasingly higher and higher demands for the best Internet performance-and your Small Office/Home Office (SOHO) environment is no exception. Powered...See More

 
Fortinet Reports Third Quarter 2018 Financial Results
Techworld Date Posted: 6 November 2018 4:07 PM | 142 Views
Fortinet® (Nasdaq: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, has announced financial results for the third quarter of 2018.. See More
 
Fortinet Reports Third Quarter 2018 Financial Results
Techworld Date Posted: 4:07 PM | 142 Views
Fortinet® (Nasdaq: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, has announced financial results for the third quarter of 2018.See More

 
Kaspersky Lab Warns of Future Attacks against Digital Money, Urges OFWs to Be Cyber-Savvy to Protect Themselves Abroad
Techworld Date Posted: 7 March 2018 9:59 AM | 565 Views
With the consistent growth of money remittances from overseas Filipino workers (OFWs) and the rising use of digital payment systems in the Philippines, Kaspersky Lab recently emphasized the need for Filipinos to be more.... See More
 
Kaspersky Lab Warns of Future Attacks against Digital Money, Urges OFWs to Be Cyber-Savvy to Protect Themselves Abroad
Techworld Date Posted: 9:59 AM | 565 Views
With the consistent growth of money remittances from overseas Filipino workers (OFWs) and the rising use of digital payment systems in the Philippines, Kaspersky Lab recently emphasized the need for Filipinos to be more...See More

 
KINGMAX’S New iKey – Tiny USB Fingerprint Reader 1 Fingerprint to Keep Them All
Techworld Date Posted: 14 October 2017 2:22 PM | 227 Views
Do you have a whole book’s worth of passwords? How do you remember so many? Worry not, KINGMAX “iKey-Tiny USB Fingerprint Reader” is here. . See More
 
KINGMAX’S New iKey – Tiny USB Fingerprint Reader 1 Fingerprint to Keep Them All
Techworld Date Posted: 2:22 PM | 227 Views
Do you have a whole book’s worth of passwords? How do you remember so many? Worry not, KINGMAX “iKey-Tiny USB Fingerprint Reader” is here. See More

 
5 Simple WiFi Problems and the Easy Ways to Fix Them
Techworld Date Posted: 12 July 2018 4:09 PM | 491 Views
Home WiFi issues can be really frustrating, especially if you’re in the middle of sending an important work file, a video call with a relative living overseas, or a Netflix-bingeing marathon. But most of.... See More
 
5 Simple WiFi Problems and the Easy Ways to Fix Them
Techworld Date Posted: 4:09 PM | 491 Views
Home WiFi issues can be really frustrating, especially if you’re in the middle of sending an important work file, a video call with a relative living overseas, or a Netflix-bingeing marathon. But most of...See More

Frank Emmanuel Trazo
Steam Greenlight: An End of a Chaotic Era
All About Gaming • By: Frank Emmanuel Trazo | Date Posted: 6 September 2017 9:34 AM | 335 Views
On June 6, 2017, Valve decided to discontinue Steam Greenlight. After suspending the submission of new games, they had more than 3400 games that were pending in Steam Greenlight. Some titles weren't granted approval.... See More
Frank Emmanuel Trazo
Steam Greenlight: An End of a Chaotic Era
All About Gaming • By: Frank Emmanuel Trazo | Date Posted: 9:34 AM | 335 Views
On June 6, 2017, Valve decided to discontinue Steam Greenlight. After suspending the submission of new games, they had more than 3400 games that were pending in Steam Greenlight. Some titles weren't granted approval...See More

 
Kaspersky Lab Detects Roaming Mantis Attacking Smartphones in Asia via DNS Hijacking
Techworld Date Posted: 19 April 2018 4:25 PM | 999 Views
Kaspersky Lab researchers have discovered a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting smartphones, mostly in Asia. The campaign, dubbed Roaming Mantis remains highly active and is.... See More
 
Kaspersky Lab Detects Roaming Mantis Attacking Smartphones in Asia via DNS Hijacking
Techworld Date Posted: 4:25 PM | 999 Views
Kaspersky Lab researchers have discovered a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting smartphones, mostly in Asia. The campaign, dubbed Roaming Mantis remains highly active and is...See More


Power by

Download Free AZ | Free Wordpress Themes