The recently published Kaspersky Connected Apps report shows that over half of the third-party mobile applications, that control vehicle features, use owners’ credentials without asking for consent. Automakers have developed their own applications to manage their vehicles but the popularity of third-party applications has increased due to the unique features that they offer. However, users can be victims of cyberattacks due to lacking security standards.
“When downloading a third-party application to control your car remotely, users should be aware of possible threats. We entrust a lot of private information and personal data to connected technology. Unfortunately, not all developers take a responsible approach when it comes to data storage and collection, which results in users exposing their personal information. This data may later be sold on the dark web and end up in untrustful hands,” said Sergey Zorin, Head of Transportation Security, Kaspersky.
The applications analyzed in the report cover major vehicle brands such as Tesla and Nissan.Third-party applications have shown a high number of downloads as the majority of them are free. The Kaspersky’s report says that over 50 percent of app developers do not warn users of the risks of handing over their accounts. Moreover, 58 percent of the applications do not mention that they use the owner’s account with the automaker’s native service and around 14 percent of them do not provide information to contact the developers.
As cars continue adapting to emerging technologies and digital innovations, automotive brands are focusing on creating an entirely new relationship with drivers. However, the technology and connectivity in cars are making them susceptible to hacking. On average, vehicles have over 100 computers that control different functions such as warning systems and breaks. For this reason, cybersecurity measures must be implemented in the automotive industry to protect systems and components from malicious attacks and prevent unauthorized access and interference with safety functions, as reported by The National Highway Traffic Safety Administration.
“Cybercriminals might not only steal your data and personal credentials but also gain access to your vehicle and that might lead to physical threats. For these reasons, we urge application developers to make user protection a priority and take precautionary measures to avoid compromising customers and themselves,” added Zorin.
As the hacking of vehicles increases, automotive manufacturers need organizational, procedural and technical capabilities to address cybersecurity threats. In the next eight years, cybersecurity in the automotive industry is expected to double, from US$ 4.9 billion in 2020 to US$9.7 billion in 2030, as reported by McKinsey.
In general, cybersecurity is becoming essential across all sectors. In 2020, the Global Cybersecurity Index ranked Mexico as the 52th country with the best protection against cyberattacks. Although Mexico is one of the five countries with the best cybersecurity practices in Latin America, the country is still lacking data that could offer insights on the progress of legal regulations.