If you had a chance to enter a car recently, you must have seen the plethora of screens found on what used to be, not so long ago, a simple dashboard. Yes, this is the era of connected cars, where almost everything in your car is connected to the interment, helping you to park your car safely, keeping your car safe from accidents and even telling you the best route to wherever you might want to go.
Kaspersky Lab and IAB, a marketing and digital media company from Spain, recently launched a first of its kind study about the afore mentioned Connected cars.
Vicente Diaz, Principal Security Researcher at Kaspersky Lab, was responsible for developing a proof of concept to analyze the safety implications of connecting these cars to the Internet: “Connected cars can open the door to threats that have long existed in the PC and Smartphone world. For example, the owners of connected cars could find their passwords are stolen. This would identify the location of the vehicle, and enable the doors to be unlocked remotely. Privacy issues are crucial and today’s motorists need to be aware of new risks that simply never existed before.”
The research was based on analyzing BMW‘s ConnectedDrive system, and it found several attack potentials that have potential to rise to a serious threat level:
Stolen credentials, using the likes of Phishing, keyloggers or social engineering.
Mobile app – activating mobile remote opening service is in effect creating a new set of car keys. If your phone is stolen, your car is accessible to all sorts of attack.
Updates – Bluetooth drivers are updated by downloading a file from the BMW website and installing it from a USB. This file can, since it isn’t secured properly and has with it info regarding the car itself, can be modified to run malicious code or just give access to those who should not have one.
Communications – there is a sim inside the automobile, and it uses SMS to communicate with functions – cyber criminals can break into this, and replace BMW’s instructions with his own.