Third-party smartphone apps for connected cars belonging to top brands like Tesla, Nissan, Renault, Ford, and Volkswagen are using the vehicle owners’ credentials without asking for their consent, a new report claimed on Friday.
On top of this, one in five of applications have no contact information, which makes it impossible to report a problem, according to Kaspersky’s ‘Connected Apps’ report which analysed 69 popular third-party mobile apps designed to control connected cars.
“The benefits of a connected world are countless. However, it is important to note that this is still a developing industry, which carries certain risks,” said Sergey Zorin, Head of Kaspersky Transportation Security.
“Unfortunately, not all developers take a responsible approach when it comes to data storage and collection, which results in users exposing their personal information. This data may further be sold on the dark web and end up in untrustful hands,” he warned.
Cybercriminals might not only steal your data and personal credentials but also gain access to your vehicle – and that might lead to physical threats.
Connected automotive applications allow users to remotely control their vehicles by locking or unlocking the doors, adjusting climate control, starting and stopping the engine, etc.
Even though most car manufacturers have their own legitimate applications for the cars they make, third-party apps designed by mobile developers are also very popular among users as they may offer unique features that have not yet been introduced by the vehicle manufacturer.
The third-party applications analysed by Kaspersky cover almost all major vehicle brands, with Tesla, Nissan, Renault, Ford and Volkswagen in the top-5 cars most often controlled by such apps.
“However, these applications are not entirely safe to use,” claim Kaspersky researchers.
They found that more than half of the applications don’t warn about the risks of using the owner’s account from the original automaker’s service.
Moreover, every fifth application does not have information on how to contact the developer or give feedback, making it impossible to report a problem or request more information on the app’s privacy policy.
“It is also worth noting that 46 of the 69 applications are either free of charge or offer a demo mode. This has contributed to such applications being downloaded from the Google Play Store more than 239,000 times, which makes you wonder how many people are giving strangers free access to their cars,” the report mentioned. Source: IANS