Skip to main content

Auto Company Apps Are Making It Easier For Car Thieves

By March 9, 2017May 25th, 2021Technology News

Another week, another big problem for the Internet of Things.

This time, it’s smart cars and the apps that surround them.

There are an increasing number of apps available for a growing number of makes and models of vehicles that can do everything from unlocking your car to starting it remotely. Unfortunately, as researchers at Kaspersky Labs have discovered, it’s almost embarrassingly easy to hack a variety of auto-related apps and use them to make stealing your smart, and supposedly more secure, vehicle a trivial matter.

While it’s true that all the apps the company tested were password-protected, almost none of them made any effort to protect the code, so even a low-skill hacker could examine it for potential security flaws to exploit.

Worse, none of them had any type of code integrity checking, meaning that the hackers were free to modify the code. Hackers could add any additional commands they wanted into it, and neither the app nor the vehicle owner would be the wiser. Also conspicuously absent was any form of root permission checking.

These are all glaringly obvious weaknesses in the design that most other industries address as their apps are being designed.

For the sake of comparison, if you examine auto-related apps against, say, banking apps, the difference is stark.

Banking apps are orders of magnitude more secure, and the companies that offer them take pains to keep customer data safe.

It should be stressed that this problem is not unique to smart cars, however. Virtually every smart object on the Internet of Things today suffers from an almost complete lack of security. In many cases, smart objects aren’t even password protected.

Given the cost of a modern vehicle, this is inexcusable, and we can only hope that sooner, rather than later, the tech industry will wake up to the very real risks and problems this attitude poses.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.