[ad_1]
Oana Cosman
Kaspersky Lab researchers examined the safety of 13 car-sharing apps from manufacturers in Europe, Russia, and the United States. The company's experts have discovered that all apps contain a number of security issues that could allow criminals to take control of commonly used vehicles, either secretly or using the identity of another user. . Once accessed via the app, an offender can do just about anything: steal the vehicle or
Applications are designed to make our lives and transactions easier. This concept has also been applied to sharing applications that can do everything from food delivery to taxi and car sharing to benefit from various services in a cost-effective manner. But if these car-sharing apps are very useful for low-income people, by eliminating the extra costs of maintaining and maintaining a car, it's equally true that may pose a risk to manufacturers and users.
To discover the magnitude of the problem, Kaspersky Lab researchers tested 13 car sharing applications, developed by major manufacturers in different markets which downloaded more than 39, a million times ] – according to statistics from Google Play. The search revealed that each application contained several security issues. In addition, experts have discovered malicious users who are already using stolen accounts for ridesharing applications.
This is all the more worrying as a recent Kaspersky Lab research on consumer attitudes towards application security has shown that Europeans do not see any threat in card-sharing applications compared to other applications, such as social media, messaging and banking services, less than 10% of respondents feel that they are unreliable
- there is no defensive against the attacks of the middle man . This means that a user thinks that he is connected to a legitimate site, but that the traffic is actually redirected to the attacker's site, allowing him to collect the personal data entered by the victim (user, password, PIN, etc.).
- There is no defense against reverse engineering Therefore, an offender can understand the operation of the application and find a vulnerability that will allow him to access the & # 39; 39, server infrastructure
- There are no techniques to detect rooting actions
- Lack of protection against overlapping techniques that allow dangerous applications to display phishing windows and steal user authentication data. [19659908] Half of the applications require complex user passwords, which means that offenders can attack victims through a simple "hardcore" scenario.
If he manages to exploit these vulnerabilities, an attacker can get, discreetly controlling the car and using it at will – to travel freely, spy on users and steal the vehicle and his data. It can also steal personal information from the user and sell it on the black market to make money. Thus, criminals could take dangerous or illegal actions on the roads to protect the identity of others
. "The conclusion of our research is that, as current car sharing applications are not ready to reject malicious attacks," says Victor Chebyshev. , security expert at Kaspersky Lab. "And while we have not yet detected sophisticated attacks on car sharing, cyber criminals understand the value of such apps, and the current black market offerings show that manufacturers have not a lot of time to eliminate the vulnerabilities. " [19659013] Kaspersky Lab researchers recommend that carpooling users follow a few steps to protect their cars and personal data against possible cyber attacks:
- Do not root for Android because it's a open door for hazardous applications;
- Keeping the device operating system up-to-date to reduce the number of software vulnerabilities and the risk of attack
- Install an effective security solution [19659015]! Function (f, b, e, v, n, t, s) {if (f.fbq) returns; n = f.fbq = function () {n.callMethod? n.callMethod.apply (n arguments): n.queue.push (arguments)}; if (! f._fbq) f._fbq = n; n.push = n; n.loaded = 0; n.version = 2.0 & # 39 ;; n.queue = [] t = b.createElement (s) t.async = 0 !; t.src = V s = b.getElementsByTagName (s) [0]; s.parentNode.insertBefore (t, s)} (window, document, 'script', 'https: //connect.facebook.net/en_US/fbevents.js'); fbq (& # 39; init; # 1006568302740428 & # 39;) fbq ("track", "Pageview");
[ad_2]
Source link
