Carpool applications are vulnerable to cyberattacks




Once a vehicle is accessed through the app, an offender can do just about anything: steal the vehicle or its data, cause harm, or use it for other malicious purposes.

Apps are designed to make our lives and transactions easier. This concept has also been applied to sharing applications, which cover everything from food delivery to taxi and car sharing and let users benefit from various services in a cost-effective manner. But while these carpool apps are very useful for low-income people, eliminating the additional costs associated with the maintenance and upkeep of a car, they can also represent a risk to the safety of manufacturers and users.

To find out the magnitude of the problem, Kaspersky Lab researchers tested 13 car-sharing apps, developed by leading manufacturers in different markets, that have been downloaded more than a million times, according to Google Play statistics. The research revealed that each application contained several security issues. In addition, the experts found malicious users who are already using stolen accounts for ridesharing apps.

This is all the more worrisome since Kaspersky Lab's recent research on consumer attitudes to application security has shown that Europeans do not see a threat in car-sharing applications: compared to other applications such as social networks, messaging and banking, less than 10% of respondents believe that they are not trustworthy.

The list of discovered security vulnerabilities includes:

There is no defense against "man-in-the-middle" type attacks. This means that a user thinks that he is connected to a legitimate site, but the traffic is actually redirected to the attacker's site, allowing the attacker to collect the personal data entered by the victim (user, password, PIN, etc.).

There is no defense against reverse engineering. Therefore, an offender can understand the operation of the application and find a vulnerability that will allow him to access the server infrastructure.

There is no technique for detecting rooting of the device.

Lack of protection against overlay techniques that allow malicious applications to display phishing windows and steal user authentication data.

Less than half of applications require complex user passwords, which means that offenders can attack victims with a simple "brute-force" attack scenario.

If an attacker manages to exploit these vulnerabilities, he can discreetly take control of the vehicle and use it for his own ends, from riding for free and spying on users to stealing the vehicle and its data. He can also steal personal information from the user and sell it on the black market to make money. Thus, offenders could undertake dangerous or illegal actions on the roads under the identity of others.

"The conclusion of our research is that in the current state of the art, car sharing applications are not ready to reject malicious attacks," said Victor Chebyshev, security expert at Kaspersky Lab. "And even though we have not yet detected sophisticated attacks against carpools, cyber criminals understand the value of these apps, and the current black market offerings show that manufacturers do not have much time to eliminate the vulnerabilities."

Kaspersky Lab researchers recommend that car-sharing users follow a few steps to protect their cars and private data against possible cyber attacks:

Do not root for Android because it is a

Keep the device's operating system up to date to reduce the number of software vulnerabilities and the risk of attack.

Install an effective security solution.
