[ad_1]
Kaspersky Lab researchers examined the safety of 13 car-sharing applications from manufacturers in Europe, Russia and the United States. The company's experts have discovered that all apps contain a number of security issues that could allow criminals to take control of commonly used vehicles, either secretly or using the identity of another user. . Once accessed through the app, an offender can do just about anything: steal the vehicle or its data, cause harm, or use it for other malicious purposes.
Apps are designed to make our lives and transactions easier. This concept has also been applied to sharing applications that can do everything from food delivery to taxi and car sharing to benefit from various services in a cost-effective manner. But if these carpool apps are very useful for low-income people, by eliminating the additional costs associated with the maintenance and upkeep of a car, it's just as true that they can represent a risk for manufacturers and users.
To find out the magnitude of the problem, Kaspersky Lab researchers tested 13 car-sharing apps, developed by leading manufacturers in different markets, that have been downloaded more than a million times, according to Google Play statistics. The search revealed that each application contained several security issues. In addition, experts have discovered malicious users who are already using stolen accounts for car sharing apps.
This is all the more worrying as Kaspersky Lab's recent research on consumer attitudes towards application security has shown that Europeans do not see it. a threat to card sharing applications compared to other applications such as social media, messaging and banking, with less than 10% of respondents believing that they are not trustworthy
List of discovered security vulnerabilities includes:
- There is no defense against the attacks of the middle man. This means that a user thinks that he is connected to a legitimate site, but that the traffic is actually redirected to the attacker's site, allowing him to collect the personal data entered by the victim (user, password, PIN, etc.).
- There is no defense against reverse engineering. Therefore, an offender can understand the operation of the application and find a vulnerability that will allow him to access the server infrastructure.
- There is no technique for detecting rooting actions.
- Lack of protection against overlapping techniques that allow unsafe applications to display phishing windows and steal user authentication data
- Lack of protection against overlapping techniques allowing dangerous applications to display phishing windows. Half of the applications require complex passwords from users, which means that offenders can attack victims with a simple "brute force" attack scenario.
If he manages to exploit these vulnerabilities, an attacker can discreetly get control over the car and use it as much as possible – free trips, to spy on users and steal the vehicle and its data. It can also steal personal information from the user and sell it on the black market to make money. Thus, criminals could take dangerous or illegal actions on the roads, to protect the identity of others
"The conclusion of our research is that, like current car-sharing applications are not ready to reject malicious attacks, says Victor Chebyshev, security expert at Kaspersky Lab . "And even though we have not yet detected sophisticated attacks against car sharing, cybercriminals understand the value of such applications, and current black market offerings show that manufacturers do not have much time to eliminate vulnerabilities. "]
Kaspersky Lab researchers recommend car users to follow a few steps to protect their cars and personal data against possible cyber attacks:
- Do not root for Android because it's a door o uvere for applications (19659007) Keep the device operating system up-to-date to reduce the number of software vulnerabilities and the risk of attack
- Install an effective security solution
Source link