Security issues come to light
Car management apps can stay linked to owners’ phones even after the vehicle is sold to someone else, a computer security researcher has warned.
According to the BBC report, IBM researcher Charles Henderson said his phone had stayed connected to a car for ‘years’ after he had sold it. He has subsequently called for vehicle manufacturers to improve how former owners are ‘separated’ from their vehicles.
In a speech at the RSA Security conference, Mr Henderson said that despite selling a car years ago he still knew where it was because there was no process in place to unhook connected-car apps from former owners.
‘The car is really smart, but it’s not smart enough to know who its owner is, so it’s not smart enough to know it’s been re-sold,’ Mr Henderson told the CNNTech news site.
Research by IBM suggested many more ‘smart’ devices remained linked to old owners when they were sold on, Mr Henderson said.
At the same conference, Kaspersky Lab published research about problems with seven Android apps used to connect to cars.
Six of the applications tested by Victor Chebyshev and Mikhail Kuzin did not encrypt user names and none had good protections against reverse engineering techniques or hijacking by malware.
‘An evildoer can covertly and quickly perform all of the actions in order to steal a car without breaking or drilling anything,’ the researchers highlighted in a paper.