Connect with us

Cars

Who will control your car?

Kaspersky has found that many of the apps in the connected car contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

Kaspersky Lab researchers have examined the security of applications for the remote control of cars from several famous car manufacturers. As a result, the company’s experts have discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

During the last few years, cars have started actively connecting to the Internet. Connectivity includes not only their infotainment systems but also critical vehicle systems, such as door locks and ignition, which are now accessible online. With the help of mobile applications, it is now possible to obtain the location coordinates of the vehicle as well as its route, and to open doors, start the engine and control additional in-car devices. On the one hand, these are extremely useful functions. On the other hand, how do manufacturers secure these apps from the risk of cyberattacks?

In order to find this out, Kaspersky Lab researchers have tested seven remote car control applications developed by major car manufacturers, and which, according to Google Play statistics, have been downloaded tens of thousands, and in some cases, up to five million times. The research discovered that each of the examined apps contained several security issues.

The list of the security issues discovered includes:

·         No defense against application reverse engineering. As a result, malicious users can understand how the app works and find a vulnerability that would allow them to obtain access to server-side infrastructure or to the car’s multimedia system

·         No code integrity check, which is important because it enables criminals to incorporate their own code in the app and replace the original programme with a fake one

·         No rooting detection techniques. Root rights provide Trojans with almost endless capabilities and leave the app defenseless

·         Lack of protection against app overlaying techniques. This helps malicious apps to show phishing windows and steal users’ credentials

·         Storage of logins and passwords in plain text. Using this weakness, a criminal can steal users’ data relatively easily.

Upon successful exploitation, an attacker can gain control over the car, unlock the doors, turn off the security alarm and, theoretically, steal the vehicle.

In each case the attack vector would require some additional preparations, like luring owners of applications to install specially-crafted malicious apps that would then root the device and get access to the car application. However, as Kaspersky Lab experts have concluded from research into multiple other malicious applications which target online banking credentials and other important information, this is unlikely to be a problem for criminals experienced in social engineering techniques, should they decide to hunt for owners of connected cars.

“The main conclusion of our research is that, in their current state, applications for connected cars are not ready to withstand malware attacks. Thinking about the security of the connected car, one should not only consider the security of server-side infrastructure. We expect that car manufacturers will have to go down the same road that banks have already gone down with their applications. Initially, apps for online banking did not have all the security features listed in our research. Now, after multiple cases of attacks against banking apps, many banks have improved the security of their products. Luckily, we have not yet detected any cases of attacks against car applications, which means that car vendors still have time to do things right. How much time they have exactly is unknown. Modern Trojans are very flexible – one day they can act like normal adware, and the next day they can easily download a new configuration making it possible to target new apps. The attack surface is really vast here,” said Victor Chebyshev, security expert at Kaspersky Lab.

Kaspersky Lab researchers advise users of connected car apps to follow these measures in order to protect their cars and private data from possible cyberattacks:

·         Don’t root your Android device as this will open almost unlimited capabilities to malicious apps

·         Disable the ability to install applications from sources other than official app stores

·         Keep the OS version of your device up to date in order to reduce vulnerabilities in the software and lower the risk of attack

·         Install a proven security solution in order to protect your device from cyberattacks.

Cars

Two-thirds of adults ready for cars that drive themselves

The latest Looking Further with Ford Trends Report reveals that behaviour is changing across key areas of our lives

Self-driving cars are a hot topic today, but if you had to choose, would you rather your children ride in an autonomous vehicle or drive with a stranger? You may be surprised to learn that 67 per cent of adults globally would opt for the self-driving car.

That insight is one of many revealed in the 2019 Looking Further with Ford Trend Report, released last week. The report takes a deep look into the drivers of behavioural change, specifically uncovering the dynamic relationships consumers have with the shifting landscape of technology.

Change is not always easy, particularly when it is driven by forces beyond our control. In a global survey of 14 countries, Ford’s research revealed that 87 per cent of adults believe technology is the biggest driver of change. And while 79 per cent of adults maintain that technology is a force for good, there are large segments of the population that have significant concerns. Some are afraid of artificial intelligence (AI). Others fear the impact of technology on our emotional wellbeing.

“Individually and collectively, these behavioural changes can take us from feeling helpless to feeling empowered, and unleash a world of wonder, hope and progress,” says Kuda Takura, smart mobility specialist at Ford Motor Company of Southern Africa. “At Ford we are deeply focused on human-centric design and are committed to finding mobility solutions that help improve the lives of consumers and their communities. In the context of change, we have to protect what we consider most valuable – having a trusted relationship with our customers. So, we are always deliberate and thoughtful about how we navigate change.”

Key insights from Ford’s 7th annual Trends Report:

Almost half of people around the world believe that fear drives change
Seven in 10 say that they are energised by change
87 per cent agree that technology is the biggest driver of today’s change
Eight in 10 citizens believe that technology is a force for good
45 per cent of adults globally report that they envy people who can disconnect from their devices
Seven out of 10 consumers agree that we should have a mandatory time-out from our devices

Click here to read more about the seven trends for 2019.

Previous Page1 of 2

Continue Reading

Cars

At last, cars talk to traffic lights to catch ‘green wave’

By ANDRE HAINZLMAIER, head of development of apps, connected services and smart city at Audi.

Stop-and-go traffic in cities is annoying. By contrast, we are pleased when we have a “green wave” – but we catch them far too seldom, unfortunately. With the Traffic Light Information function, drivers are more in control. They drive more efficiently and are more relaxed because they know 250 meters ahead of a traffic light whether they will catch it on green. In the future, anonymized data from our cars can help to switch traffic lights in cities to better phases and to optimise the traffic flow.

In the USA, Audi customers have been using the “Time-to-Green” function for two years: if the driver will reach the lights on red, a countdown in the Audi virtual cockpit or head-up display counts the seconds to the next green phase. This service is now available at more than 5,000 intersections in the USA, for example in cities like Denver, Houston, Las Vegas, Los Angeles, Portland and Washington D.C. In the US capital alone, about 1,000 intersections are linked to the Traffic Light Information function.

Since February, Audi has offered a further function in North America. The purpose of this is especially to enable driving on the “green wave”. “Green Light Optimized Speed Advisory” (GLOSA) shows to the driver in the ideal speed for reaching the next traffic light on green.

Both Time-to-Green and GLOSA will be activated for the start of operation in Ingolstadt in selected Audi models. These include all Audi e-tron models and the A4, A6, A7, A8, Q3, Q7 and Q8 to be produced from mid-July (“model year 2020”). The prerequisite is the “Audi connect Navigation & Infotainment” package and the optional “camera-based traffic sign recognition”.

Why is this function becoming available in Europe two years later than in the USA? 

The challenges for the serial introduction of the service are much greater here than, for example, in the USA, where urban traffic light systems were planned over a large area and uniformly. In Europe, by contrast, the traffic infrastructure has developed more locally and decentrally – with a great variety of traffic technology. How quickly other cities are connected to this technology depends above all on whether data standards and interfaces get established and cities digitalise their traffic lights.

On this project, Audi is working with Traffic Technology Services (TTS). TTS prepares the raw data from city traffic management centres and transmits them to the Audi servers. From here, the information reaches the car via a fast Internet connection.

Audi is working to offer Traffic Light Information in further cities in Germany, Europe, Canada and the USA in the coming years. In the large east Chinese city of Wuxi, Audi and partners are testing networks between cars and traffic light systems in the context of a development project.

In future, Audi customers may be able to benefit from additional functions, for example when “green waves” are incorporated into the ideal route planning. It is also conceivable that Audi e-tron models, when cruising up to a red traffic light, will make increased used of braking energy in order to charge their batteries. Coupled with predictive adaptive cruise control (pACC), the cars could even brake automatically at red lights.

In the long term, urban traffic will benefit. When cars send anonymised data to the city, for example, traffic signals could operate more flexibly. Every driver knows the following situation: in the evening you wait at a red light – while no other car is to be seen far and wide. Networked traffic lights would then react according to demand. Drivers of other automotive brands will also profit from the development work that Audi is carrying out with Traffic Light Information – good news for cities, which are dependent on the anonymised data of large fleets to achieve the most efficient traffic management.

In future, V2I technologies like Traffic Light Information will facilitate automated driving. 

A city is one of the most complex environments for an autonomous car. Nevertheless, the vehicle has to be able to handle the situation, even in rain and snow. Data exchange with the traffic infrastructure can be highly relevant here. 

Continue Reading

Trending

Copyright © 2019 World Wide Worx