Connect with us

Cars

Who will control your car?

Published

on

Kaspersky has found that many of the apps in the connected car contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

Kaspersky Lab researchers have examined the security of applications for the remote control of cars from several famous car manufacturers. As a result, the company’s experts have discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

During the last few years, cars have started actively connecting to the Internet. Connectivity includes not only their infotainment systems but also critical vehicle systems, such as door locks and ignition, which are now accessible online. With the help of mobile applications, it is now possible to obtain the location coordinates of the vehicle as well as its route, and to open doors, start the engine and control additional in-car devices. On the one hand, these are extremely useful functions. On the other hand, how do manufacturers secure these apps from the risk of cyberattacks?

In order to find this out, Kaspersky Lab researchers have tested seven remote car control applications developed by major car manufacturers, and which, according to Google Play statistics, have been downloaded tens of thousands, and in some cases, up to five million times. The research discovered that each of the examined apps contained several security issues.

The list of the security issues discovered includes:

·         No defense against application reverse engineering. As a result, malicious users can understand how the app works and find a vulnerability that would allow them to obtain access to server-side infrastructure or to the car’s multimedia system

·         No code integrity check, which is important because it enables criminals to incorporate their own code in the app and replace the original programme with a fake one

·         No rooting detection techniques. Root rights provide Trojans with almost endless capabilities and leave the app defenseless

·         Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users’ credentials

·         Storage of logins and passwords in plain text. Using this weakness, a criminal can steal users’ data relatively easily.

Upon successful exploitation, an attacker can gain control over the car, unlock the doors, turn off the security alarm and, theoretically, steal the vehicle.

In each case the attack vector would require some additional preparations, like luring owners of applications to install specially-crafted malicious apps that would then root the device and get access to the car application. However, as Kaspersky Lab experts have concluded from research into multiple other malicious applications which target online banking credentials and other important information, this is unlikely to be a problem for criminals experienced in social engineering techniques, should they decide to hunt for owners of connected cars.

“The main conclusion of our research is that, in their current state, applications for connected cars are not ready to withstand malware attacks. Thinking about the security of the connected car, one should not only consider the security of server-side infrastructure. We expect that car manufacturers will have to go down the same road that banks have already gone down with their applications. Initially, apps for online banking did not have all the security features listed in our research. Now, after multiple cases of attacks against banking apps, many banks have improved the security of their products. Luckily, we have not yet detected any cases of attacks against car applications, which means that car vendors still have time to do things right. How much time they have exactly is unknown. Modern Trojans are very flexible – one day they can act like normal adware, and the next day they can easily download a new configuration making it possible to target new apps. The attack surface is really vast here,” said Victor Chebyshev, security expert at Kaspersky Lab.

Kaspersky Lab researchers advise users of connected car apps to follow these measures in order to protect their cars and private data from possible cyberattacks:

·         Don’t root your Android device as this will open almost unlimited capabilities to malicious apps

·         Disable the ability to install applications from sources other than official app stores

·         Keep the OS version of your device up to date in order to reduce vulnerabilities in the software and lower the risk of attack

·         Install a proven security solution in order to protect your device from cyberattacks.

Cars

Car buyers to start abandoning fuel-power by 2025

Car buyers in the United States and Europe expect electric vehicles to become a viable alternative to fuel-powered cars in the next five years.

Published

on

A new report outlining consumer expectations of battery electric vehicles (BEVs) and their viability as replacements for traditional fuel-powered cars or internal combustion engine (ICE) vehicles suggests a massive shift beginning in 2025.

The conclusion emerges from a report by human behaviour and analytics firm Escalent, entitled The Future of BEV: How to Capture the Hearts and Minds of Consumers. It reveals the intent of many consumers in the United States and Europe to abandon ICE vehicles altogether, citing the improved infrastructure and range of BEVs.

The Future of BEV gives auto and mobility manufacturers a strategic view of the benefits of their products in the eyes of consumers and highlights the areas of opportunity for automakers to push the innovation boundaries of BEVs to spur broad adoption of the technology.

“While most buyers don’t plan to choose BEVs over gasoline-powered cars within the next five years, consumers have told us there is a clear intention to take BEVs seriously in the five years that follow,” says Mark Carpenter, joint managing director of Escalent’s UK office. “However, manufacturers will need to tap into the emotional value of BEVs rather than just the rational and functional aspects to seize on that intent and inspire broader consumer adoption.”

The study demonstrates a significant shift in consumers’ expectations that BEVs will become viable alternatives to—and competitors with—ICE vehicles over the coming decade. Though 70% of Americans plan to buy a gasoline-powered car within the next year, just 37% expect to make that same purchase in five to ten years. Similarly, while 50% of European consumers favour buying vehicles powered by gasoline and diesel in the near-term, that figure drops to just 23% in five to ten years.

At the same time, consumers on both sides of the Atlantic see BEV adoption rising to 36% in Europe and 16% in the US, with respondents also indicating intent to purchase hybrids and hydrogen-powered cars.

Infrastructure clearly continues to be one of the biggest barriers to adoption. While some work is being done in Europe as well as in the US, the data show there is a significant need for some players to take ownership if manufacturers want to move the needle on BEV adoption.

US and European consumers have stark differences in opinion as to which entities they believe are primarily responsible for providing BEV charging stations. American consumers consider carmakers (45%) the primary party responsible, followed by fuel companies, local government/transport authorities, and the national government in fourth. On the other hand, European consumers view the national government (29%) as the primary party responsible for providing BEV infrastructure, followed by carmakers, local government/transport authorities and fuel companies.

For a full copy of the report, visit https://landing.escalent.co/download-the-future-of-bev.

Continue Reading

Cars

Mercedes brings older models to the connected world

The Mercedes Me Adapter is designed to bring older Mercedes Benz models into the connected world, allowing one to keep a close eye on the car via a smartphone. SEAN BACHER installs a unit

Published

on

In this day and age, just about any device, from speakers to TVs to alarm systems, can be connected and controlled via a smartphone.

In keeping with this trend, Daimler Chrysler has launched a Mercedes Me Adapter – a system designed to connect your car to your phone.

The Mercedes Me Adapter comprises a hardware and software component. The hardware is an adapter that is no bigger than a match box and plugs into the OBD2 diagnostics socket under the car’s steering wheel column. 

The software component is the Mercedes Me app, which can be downloaded for Android and iOS devices. (See downloading instructions at the end of the review.)

Setting up

Before you can start using the Mercedes Me Adapter, you need to download the app and begin the registration process. This includes setting up an account, inputting the vehicle’s VIN number, the year it was manufactured and the model name – among many other details. This information is sent to Daimler Chrysler. It is advisable to get this done before heading off to Mercedes to have the adapter installed, as it takes quite some time getting all the details in.

The next step is locating your nearest Merc dealer to get the adapter installed. You have to produce the registration papers and a copy of your ID – something Mercedes neglects to mention on its website, or anywhere else, for that matter.

What it does

The Mercedes Me Adapter is designed to show the car’s vital statistics on your mobile device. On the home screen, information like parking time, odometer reading and fuel level is displayed.

Below that is information about your most recent journeys, such as the distance, time taken, departure address and destination address. Your driving style is also indicated in percentage – taking into account acceleration, braking and coasting.

A Start Cockpit button displayed on the home screen includes a range of widgets offering additional information, including where your car is parked – right down to the address – as well as battery voltage, total driving time, distance and driver score since the adapter was installed. A variety of other widgets can be added to the screen, allowing for complete customisation.

Many users have have pointed out that that there is no real point to the adapter. However it does offer benefits. Firstly, your trips can be organised into personal and business categories and then exported into a spreadsheet for tax purposes. Secondly, you can keep a very close eye on your fuel consumption, as it automatically measures how many litres you put in each time you visit the garage and the cost (the cost per litre must be entered manually so it can work out total refuelling costs). This is also quite beneficial in terms of working out how much fuel you go through, without keeping all the pesky slips when it comes to claiming at the end of the month.

Probably the most important benefit is that it monitors the engine, electrical, transmission and gearbox, sending notifications as soon as any faults are detected. A perfect example was encountered on a recent trip I made to Pretoria. Upon arriving, I received a notification that I needed to check my engine, with the Mercedes roadside assist number blinking and ready for me to dial.

The notification did not even show up on the actual fault detection system, except for the faint glow of the orange engine light, which I would never have noticed in the bright light. I immediately took it Mercedes and they diagnosed it as an intermittent thermostat error, which they said is fine for now but that I have to keep an eye on the engine temperature.

Conclusion

The convenience of easily being able to export mileage for tax purposes and refuelling stops as well as being able to locate your car at anytime should be more than enough to qualify it as a pretty useful companion for your car.

Add to this the fact that it is completely free from Mercedes, and that makes it an absolute no-brainer. Should you not like it, simply unplug the adapter and uninstall the app. The only thing lost is half an hour while the Mercedes technician sets it up, ensures it is working and gives you a crash course on how to operate the app.

The adapter will only work in Mercedes Benz models from 2002 onwards. No warranties are lost, as the adapter does not increase the car’s performance and is a genuine Mercedes part.

2017 models and above do not need the adapter as everything is installed when the car is manufactured. All one needs to do is install the app and pair it with the car.

Get the Mercedes me iOS app here

Get the Mercedes Me Android app here

Continue Reading

Trending

Copyright © 2020 World Wide Worx