Kaspersky Lab in association with IAB, one of the marketing and digital media companies of Spain has released the research on Connected Cars Study. The research revolves around the connected car market. The aim was to answer all the questions surrounding the software ecosystems offered by the manufacturers and provide all the essential information about connected cars. Vicente Diaz, the principal researcher at the lab was assigned with the task of analysing the safety consequences of connecting the cars to the internet. Connecting the car with the internet is very helpful as it sorts out many things and also helps the driver in different manners. But at the same time it also introduces the threat to security and can also lead to fraudulent cyber-attacks.
The research suggests that privacy updates and smartphone apps are a way through which the vehicles can be attacked by the cyber-criminals and can also help them in stealing the vehicle. “Connected cars can open the door to threats that have long existed in the PC and smartphone world. For example, the owners of connected cars could find their passwords are stolen. This would identify the location of the vehicle, and enable the doors to be unlocked remotely. Privacy issues are crucial and today’s motorists need to be aware of new risks that simply never existed before,” said Diaz.
The Kaspersky Lab has also analysed different types of attacks possible. These include stolen credentials which are similar as phishing, keylogger or social engineering. Through this type of attack the criminal gets access to the user’s information and then to his vehicle. The other type of attack is possible through mobile application. One can create new set of keys for his car using the mobile remote opening service application. However, if the application is not safe then anyone who steals your phone will also get access to your car. It is often observed that files containing important information are updated via Bluetooth drivers. These files contain essential internal data are also not encrypted. These files act as an easy access path for the potential attacker. Certain types of communication channels also act as a passage for attacks. The attacker can easily access the information using the SIM inside the vehicle via SMS. With the help of this he can give fake instructions and can lead to theft of the vehicle.
The research also covers various online connectivity and apps of the Spanish automobile industry. The report has analysed 21 different models of the vehicles.