Android Phone Hacks Give Attackers Ability to Unlock Cars

Media Division | February 17, 2017

There can be a lot of different intricacies and applications going on within a single piece of modern day technology.  And while the things that our devices are able to achieve can be absolutely marvelous, all of these different applications can potentially be exploited as well, if not defended properly.  Such is the case in a new study done by Kaspersky Labs upon apps from car companies that are used to unlock, locate, or even start up cars.

Kaspersky had tested nine different apps from seven car companies, that had been downloaded hundreds of thousands or millions of times.  A pair of researchers from the lab found that each of the apps had various security issues.  The security issues included such things as:

  • No methods of root detection
  • Logins and passwords were stored in plain text
  • No checking of code integrity
  • Lack of protection from reverse engineering of the application

If an attacker were to exploit the apps, then they could potentially locate the car, turn off the alarm, unlock the doors, and even theoretically steal the car.  Kaspersky says that attacks employed in this fashion would require some preparations, such as tricking the user to install a malicious app that would root the device, and they then would have access to the car application.  And while they are not aware of any malware currently being employed that could pull off these exploits, they point out the fact that the app code in itself displays that attackers could potentially exploit them.  They also bring up the fact that banking apps did not previously have the security being spoken of, but after many various attacks upon them, the security has been improved.  Car companies have the upper hand, in that they can implement formidable security before these types of exploits become realized.

Protecting Your Organization with Threat Intelligence Feeds

Cyber attacks can come from a variety of vectors, and it is important that organizations realize this, and establish their cyber security accordingly.  Cyber security is no longer a subject that organizations can be lackadaisical about.  Reactive security will always be an important component part, but there also needs to be proactive methods, which is where threat intelligence feeds can be of great value.  Threat intelligence feeds can provide alerts about various threats that are lurking or in development around the web, which allows organizations to defend from them before they can even launch an attack.  Massive Alliance offers extremely comprehensive threat intelligence feeds that can help to protect your organization from exploitation and breaches.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.