Internet-connected cars vulnerable to cyber attacks – Kaspersky Lab


Internet-connected cars are becoming a reality, and various international studies show that their market will continue to grow in the near future. But this emerging trend in the automotive industry can also become a new vehicle for cybercrime, according to Kaspersky Lab, a leading developer of secure content and threat management solutions.

Announcing the First Annual Connected Cars Study that seeks to provide an overview of the connected car market, Kaspersky Lab said motorists can no longer ignore safety concerns about the communications and Internet services included in the new generation of connected cars.

Kaspersky Lab said privacy, software updates and car-oriented mobile applications in Internet-connected cars are three areas where cybercriminals could potentially launch attacks.

“Connected cars can open the door to threats that have long existed in the PC and smartphone world,” said Vicente Diaz, the Principal Security Researcher at Kaspersky Lab who developed a proof of concept to analyze the safety implications of connecting these cars to the Internet.

“For example, the owners of connected cars could find their passwords are stolen. This would identify the location of the vehicle, and enable the doors to be unlocked remotely. Privacy issues are crucial and today’s motorists need to be aware of new risks that simply never existed before,” Diaz explained.

Kaspersky Lab's findings are somewhat timely for the Philippines. According to a study released by market intelligence company Transparency Market Research, Asia-Pacific will be the fastest growing region in terms of connected cars.

“If this business forecast comes true, then Asia-Pacific countries like the Philippines must brace for cyber attacks on Internet-connected cars,” said Jimmy Fong, Channel Sales Director of Kaspersky Lab SEA.

Kaspersky Lab’s proof of concept, which was based on analyzing BMW’s ConnectedDrive system, found several areas vulnerable to potential attacks:

Stolen Credentials

Information needed to access BMW’s website can be stolen by using familiar means like phishing, keyloggers or social engineering. These methods could result in unauthorized third-party access to user information and then to the vehicle itself. From here, it is possible to install a mobile app with the stolen credentials and enable remote services before opening up the car and driving it away.

Mobile Application

Activating mobile remote opening services on a phone creates a new set of virtual keys for your car. This could give anyone who steals your phone instant access to your vehicle. With the stolen phone, it would be possible to change database applications and bypass PIN authentication, making it easy for a cyber-attacker to activate remote services.

Updates

Bluetooth drivers are updated by downloading a file from the BMW website and installing it from a USB drive. The downloaded file, which is not encrypted or signed, contains a lot of information about the internal systems running on the vehicle. This could give a potential attacker access to the targeted environment, and the file could also be modified to run malicious code.

Communications

Some functions communicate with the SIM inside the vehicle using SMS. Hence, breaking into this communication channel makes it possible to send “fake” instructions, depending on the operator’s level of encryption. In a worst-case scenario, a criminal could replace BMW’s communications with his/her own instructions and services.

Kaspersky Lab said it is essential to analyze these different vectors that could result in cyber-attacks, accidents or even fraudulent maintenance of the vehicle.

With its First Annual Connected Cars Study, Kaspersky Lab aims to bring some unity to the highly fragmented software ecosystem currently offered by car manufacturers.

The study was conducted by Kaspersky Lab in collaboration with IAB Spain, Applicantes and Motor.com.


Eli
