The researchers from the Kaspersky found that most of the android connected car apps, lacked even basic software defenses.Hackers could use any of the apps Kaspersky tested to locate a car, unlock it, and in some cases start its ignition.
Kapersky focused on breaking Android connected car apps, as iOS phones are apparently less easy to hack. The researchers discovered that seven of nine connected car apps they tested were hackable. The two primary means of hacking the software were rooting and adding software to the phone.
With a rooted phone, hackers could gain access to the phone’s operating system to make changes or to access private information. Other hacking approaches entail fooling owners into downloading either previously hacked versions of the connected car software, or malware that detects when a connected car app launches. In any case, the aim would be to obtain login credential for the car app.
The researchers did not make public the specific apps they tested, preferring not to pass on any tips to hackers and thieves. They informed car companies about the security issues, which aren’t bugs, but a lack of defense. “Why don’t connected car application developers care about security as much as the developers of banking applications?” asks Kaspersky researcher Viktor Chebyshev. “They’re also controlling very valuable things for the user, but they’re not thinking about security mechanisms.”