Kaspersky Lab: Privacy, software updates and mobile applications for interconnected cars are potential targets for digital criminals.
Kaspersky Lab and the Interactive Advertising Bureau (IAB) in Spain presented the First Annual Study on Interlinked Cars, a groundbreaking survey.
The main purpose of the study is to offer a comprehensive overview of the connected car market, combining all available information to provide answers to important questions. In addition, the research attempts to look more holistically at the software ecosystem offered by car manufacturers today, which is highly fragmented. Vicente Diaz, Principal Security Researcher at Kaspersky Lab, was responsible for the part of the investigation that addressed the potential security issues raised by connecting cars to the Internet.
Drivers can no longer ignore the security concerns of communications and Internet services included in the new generation of connected cars. Today, cars not only have electronic aids for driving, but also offer access to social networks and email accounts, smartphone connection, route calculation, etc. These technologies offer great advantages to drivers, but also bring new risks for the users. That is why it is necessary to analyze the factors that could lead to digital attacks and accidents.
Personal data, updates, and smartphone applications for these cars could be three separate attack vectors for digital criminals. "Interconnected cars can open the door to long-standing threats in the world of PCs and smartphones. For example, vehicle owners may find that their codes have been stolen. In this way, the position of their vehicle could be located, while its doors could be unlocked remotely. Personal data protection issues are vital and today's drivers must be aware of the new risks that were not previously available," said Diaz.
Kaspersky Lab's analysis, based on the study of BMW's ConnectedDrive system, has identified several potential vectors for digital attacks:
Stolen Identity Information: Theft of the credentials required to gain access to the BMW website, using well-known means such as phishing, keyloggers or social engineering, could lead to unauthorized third-party access to the user's information and subsequently to access to the vehicle itself. It is also possible for someone to install a mobile application with the same credentials, which could activate remote services before the start of the vehicle's operation.
Mobile Applications: If mobile services are activated that allow a car to be unlocked remotely, a new set of keys is essentially created. If the application is not protected, anyone who steals the owner's phone can gain access to the car. Using the stolen phone, a criminal could alter the applications' database and bypass any authentication that requires entering a PIN code, making the activation of remote services extremely easy.
Updates: Bluetooth drivers are updated by downloading a file from the BMW website and installing it via USB. This file is not encrypted, and it contains a lot of information about the internal systems that run on the vehicle. Thus, a criminal would be able to access the corresponding computing environment and modify it to run malicious code.
Communications: Some features communicate with the SIM card inside the vehicle via SMS. Compromising this communication channel makes it possible to send fake instructions, depending on the encryption level adopted by the administrator. In the worst case, a criminal could replace BMW's communications with his own instructions and services.
The study also examines Internet connectivity and the leading applications in the Spanish automotive sector. In addition, it analyzes the business models and future trends for connectivity platforms. The report, which analyzes 21 different car models, reached the following conclusions:
- There is a great deal of fragmentation in operating systems, connectivity, and applications.
- Free services have time constraints: many manufacturers offer a free subscription only for a certain amount of time.
- There are coverage problems, as many online services need a 3G connection.
- Data usage: Some users will have to pay for additional data.
- Voice guides: Used by most models, as they are one of the safest ways to control connectivity.
The study was conducted by IAB Spain in partnership with Applicanttes, The Motor.com and Kaspersky Lab.