According to a new report published on Friday, third-party smartphone apps for connected cars from top brands such as Tesla, Nissan, Renault, Ford, and Volkswagen are using the vehicle owners‘ credentials without their permission.
Furthermore, one in every five applications lacks contact information, making it impossible to report a problem, according to Kaspersky’s ‘Connected Apps’ report, which examined 69 popular third-party mobile apps designed to control connected cars.
“The benefits of a connected world are countless. However, it is important to note that this is still a developing industry, which carries certain risks,” said Sergey Zorin, Head of Kaspersky Transportation Security.
“Unfortunately, not all developers take a responsible approach when it comes to data storage and collection, which results in users exposing their personal information. This data may further be sold on the dark web and end up in untrustful hands,” he warned.
Cybercriminals may not only steal your data and personal credentials, but they may also gain access to your vehicle, posing physical threats.
Users of connected automotive applications can remotely control their vehicles by locking and unlocking doors, adjusting climate control, starting and stopping the engine, and so on.
Even though most car manufacturers have their own legitimate applications for the vehicles they manufacture, third-party apps designed by mobile developers are also very popular among users because they may offer unique features that the vehicle manufacturer has not yet introduced.
Kaspersky examined third-party applications for almost all major vehicle brands, with Tesla, Nissan, Renault, Ford, and Volkswagen among the top five cars most frequently controlled by such apps.
“However, these applications are not entirely safe to use,” claim Kaspersky researchers.
They discovered that more than half of the applications fail to warn users about the dangers of using the owner’s account from the original automaker’s service.
Furthermore, every fifth app lacks information on how to contact the developer or provide feedback, making it impossible to report a problem or request more information on the app’s privacy policy.
“It is also worth noting that 46 of the 69 applications are either free of charge or offer a demo mode. This has contributed to such applications being downloaded from the Google Play Store more than 239,000 times, which makes you wonder how many people are giving strangers free access to their cars,” the report mentioned.
