Home > Cars > Millions of cars vulnerable to entry with hacked…

Millions of cars vulnerable to entry with hacked Android connected car apps

Why it matters to you

Easily hacked Android car apps might lead not to car theft but identity theft.

Be wary of Android connected car apps. As cool as it can be to have an app that makes your smartphone a remote control for your car or truck, the same app could be hacked to let thieves enter your car. That’s the message from researchers at Kaspersky, a Russian security company, according to a report by Wired.

Kaspersky focused on breaking Android connected car apps, as iOS phones are apparently less easy to hack. The researchers discovered that seven of nine connected car apps they tested were hackable. The two primary means of hacking the software were rooting and adding software to the phone.

With a rooted phone, hackers could gain access to the phone’s operating system to make changes or to access private information. Other hacking approaches entail fooling owners into downloading either previously hacked versions of the connected car software, or malware that detects when a connected car app launches. In any case, the aim would be to obtain login credential for the car app.

The researchers did not make public the specific apps they tested, preferring not to pass on any tips to hackers and thieves. They reported that the hacked apps would allow entry to the vehicles, but not start and drive them away. That could however be fine with many thieves. Identity theft is often the primary purpose of car break-ins, Chris McDonald, Chair of the Vehicle Crimes Committee, International Association of Chiefs of Police told Digital Trends. 

The Kaspersky researchers told Wired they informed car companies about the security issues, which aren’t bugs, but a lack of defense. “Why don’t connected car application developers care about security as much as the developers of banking applications?” asks Kaspersky researcher Viktor Chebyshev. “They’re also controlling very valuable things for the user, but they’re not thinking about security mechanisms.”