Kaspersky Lab researchers have examined the security of 13 car sharing applications from household manufacturers across the globe – including those from Russia, the US, and Europe.

 

The company’s experts discovered that all of the applications contain a number of security issues that can potentially allow criminals to take control of shared vehicles, either by stealth or under the guise of another user.

 

Once access is gained through the app, a criminal can do almost anything – from stealing the vehicle or its details, through to causing damage or using it for malicious purposes.

 

Apps are designed to make our lives easier and transactions more convenient. This concept has been taken one step further, with the advent of ‘sharing’ apps, which make everything from food delivery, through to taxi and car sharing a more cost-effective way of using services.

 

But while car sharing apps are invaluable for those on a low income and remove any overpayment of vehicle ownership or maintenance, they can also add a security risk for manufacturers and users alike.

 

To find out the extent of the problem, Kaspersky Lab researchers tested 13 car sharing applications, developed by major manufacturers from different markets, which – according to Google Play statistics – have been downloaded over 1 million times. The research discovered that each of the examined apps contained several security issues. Moreover, the researchers found that malicious users are already capitalizing on stolen accounts for car sharing applications.

 

The list of security vulnerabilities uncovered includes:

  • No defense against man-in-the-middle attacks. This means that while a user believes he is connected to a legitimate website, the traffic is actually being re-directed through the attacker’s site, allowing him to gather any personal data entered by the victim (login, password, PIN, etc.)
  • No defense against application reverse engineering. As a result, a criminal can understand how the app works and find a vulnerability that would allow him to obtain access to server-side infrastructure.
  • No rooting detection techniques. Root rights provide a malicious user with almost endless capabilities and leave the app defenseless.
  • Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users’ credentials
  • Less than half of applications demand strong passwords from users, meaning criminals can attack the victim through a simple brute force scenario.

 

Upon successful exploitation, an attacker can discreetly gain control of the car and use it for malicious purposes – from riding for free and spying on users, through to stealing the vehicle and its details, and even more serious scenarios like stealing users’ personal data and selling it on the black market for financial gain. This could lead to criminals carrying out illegal and dangerous moves on the roads under the guise of other people’s identities.

 

“Our research concluded that, in their current state, applications for car sharing services are not ready to withstand malware attacks. And while we have not yet detected any cases of sophisticated attacks against car sharing services, cybercriminals understand the value that such apps hold, and existing offers on the black-market point to the fact that vendors do not have much time to remove the vulnerabilities,” said Victor Chebyshev, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise users of car sharing apps to follow these measures in order to protect their cars and private data from possible cyberattacks:

  • Don’t root your Android device, as this will open almost unlimited capabilities to malicious apps
  • Keep the OS version of your device up to date, to reduce vulnerabilities in the software and lower the risk of attack
  • Install a proven security solution, in order to protect your device from cyberattacks.

 

To learn more about the сar sharing threat, please read the blog post available at Securelist.com.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
Playing an Integral Part of the Nation’s Modernization through Security, Fire and Safety
Techworld Date Posted: 7 August 2018 10:14 AM | 402 Views
The second edition of the Philippines’ leading security, fire and safety event, IFSEC Philippines took place on 29 May – 1 June 2018 at the SMX Convention Center. Attended by 3,879 visitors from around.... See More
 
Playing an Integral Part of the Nation’s Modernization through Security, Fire and Safety
Techworld Date Posted: 10:14 AM | 402 Views
The second edition of the Philippines’ leading security, fire and safety event, IFSEC Philippines took place on 29 May – 1 June 2018 at the SMX Convention Center. Attended by 3,879 visitors from around...See More

 
Cybersecurity Past and Future What’s Come This Year and What is Coming
Techworld Date Posted: 11 January 2018 9:32 AM | 218 Views
You know what they say about history: Those who don’t learn from it are doomed to repeat it. Another maxim about the future holds true, too:. See More
 
Cybersecurity Past and Future What’s Come This Year and What is Coming
Techworld Date Posted: 9:32 AM | 218 Views
You know what they say about history: Those who don’t learn from it are doomed to repeat it. Another maxim about the future holds true, too:See More

 
Transcend Offers Lightning-enable Storage Solution, the Perfect Match for iOS Devices
Techworld Date Posted: 23 August 2017 1:44 PM | 216 Views
Transcend Information, Inc. (Transcend), a leading manufacturer of storage and multimedia products, is proud to introduce its bidirectional transmission and storage solution for iOS device users. Transcend's Lightning offerings, crafted for use with iOS.... See More
 
Transcend Offers Lightning-enable Storage Solution, the Perfect Match for iOS Devices
Techworld Date Posted: 1:44 PM | 216 Views
Transcend Information, Inc. (Transcend), a leading manufacturer of storage and multimedia products, is proud to introduce its bidirectional transmission and storage solution for iOS device users. Transcend's Lightning offerings, crafted for use with iOS...See More

 
Kaspersky Lab Boosts Bug Bounty Program with New Reward of $100,000 – in Frame of its Global Transparency Initiative
Techworld Date Posted: 12 March 2018 10:41 AM | 632 Views
As part of its Global Transparency Initiative, Kaspersky Lab is extending its successful bug bounty program to include rewards of up to $100,000 for the discovery and responsible disclosure of severe vulnerabilities in some.... See More
 
Kaspersky Lab Boosts Bug Bounty Program with New Reward of $100,000 – in Frame of its Global Transparency Initiative
Techworld Date Posted: 10:41 AM | 632 Views
As part of its Global Transparency Initiative, Kaspersky Lab is extending its successful bug bounty program to include rewards of up to $100,000 for the discovery and responsible disclosure of severe vulnerabilities in some...See More

 
Get First Dibs to Early Christmas Treats with Lazada’s Online Revolution Sale
Techworld Date Posted: 2 November 2017 3:19 PM | 489 Views
It is the happiest time of the year again. Christmas starts early in the Philippines, and Lenovo and Motorola join Filipinos young and old in welcoming Christmas season 2017 with an early Christmas treat.... See More
 
Get First Dibs to Early Christmas Treats with Lazada’s Online Revolution Sale
Techworld Date Posted: 3:19 PM | 489 Views
It is the happiest time of the year again. Christmas starts early in the Philippines, and Lenovo and Motorola join Filipinos young and old in welcoming Christmas season 2017 with an early Christmas treat...See More

 
SAP Appoints Claus Andresen as President and Managing Director of Southeast Asia
Techworld Date Posted: 3 August 2017 2:46 PM | 176 Views
SAP (NYSE: SAP) today announced the appointment of Claus Andresen as President and Managing Director of SAP Southeast Asia, promoted from Chief Operating Officer of SAP Indian Subcontinent. Andresen will report directly to Scott.... See More
 
SAP Appoints Claus Andresen as President and Managing Director of Southeast Asia
Techworld Date Posted: 2:46 PM | 176 Views
SAP (NYSE: SAP) today announced the appointment of Claus Andresen as President and Managing Director of SAP Southeast Asia, promoted from Chief Operating Officer of SAP Indian Subcontinent. Andresen will report directly to Scott...See More

 
UnionBank Innovates Operations on the Cloud
Techworld Date Posted: 14 September 2018 3:09 PM | 53 Views
SAP SE (NYSE: SAP) has announced that UnionBank of the Philippines, a publicly-listed universal bank, commenced S/4 HANA hosted out of HANA Enterprise Cloud (HEC) to fuel its digital transformation in the banking sector..... See More
 
UnionBank Innovates Operations on the Cloud
Techworld Date Posted: 3:09 PM | 53 Views
SAP SE (NYSE: SAP) has announced that UnionBank of the Philippines, a publicly-listed universal bank, commenced S/4 HANA hosted out of HANA Enterprise Cloud (HEC) to fuel its digital transformation in the banking sector....See More

 
From Shaking Their Hands to Paying off Their Debts: Third party Cybersecurity Failures Cost Businesses the Most
Techworld Date Posted: 25 September 2017 11:26 AM | 187 Views
While more companies are investing in cybersecurity regardless of ROI (63% in 2017 compared to 56% in 2016), a new study from Kaspersky Lab and B2B International has found that the average cost of.... See More
 
From Shaking Their Hands to Paying off Their Debts: Third party Cybersecurity Failures Cost Businesses the Most
Techworld Date Posted: 11:26 AM | 187 Views
While more companies are investing in cybersecurity regardless of ROI (63% in 2017 compared to 56% in 2016), a new study from Kaspersky Lab and B2B International has found that the average cost of...See More

 
Kaspersky Lab Appoints New General Manager for Southeast Asia
Techworld Date Posted: 1 March 2018 2:44 PM | 615 Views
Global cybersecurity company Kaspersky Lab has announced the appointment of Yeo Siang Tiong as its new General Manager for the Southeast Asia (SEA) region covering Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam. See More
 
Kaspersky Lab Appoints New General Manager for Southeast Asia
Techworld Date Posted: 2:44 PM | 615 Views
Global cybersecurity company Kaspersky Lab has announced the appointment of Yeo Siang Tiong as its new General Manager for the Southeast Asia (SEA) region covering Indonesia, Malaysia, the Philippines, Singapore, Thailand, and VietnamSee More

 
Epson Philippines Celebrates 20 Years of Leading the Show
Techworld Date Posted: 26 September 2018 3:48 PM | 82 Views
Epson Philippines Corporation (EPC) celebrated its 20th year anniversary at the Grand Ballroom of the Grand Hyatt Hotel in BGC, Taguig City. . See More
 
Epson Philippines Celebrates 20 Years of Leading the Show
Techworld Date Posted: 3:48 PM | 82 Views
Epson Philippines Corporation (EPC) celebrated its 20th year anniversary at the Grand Ballroom of the Grand Hyatt Hotel in BGC, Taguig City. See More


Power by

Download Free AZ | Free Wordpress Themes