Car sharing applications can eliminate the stress of owning a car and having to pay for its maintenance. These apps are meant to make users' lives easier and transactions more convenient. One study, however, found that 13 common car sharing apps have flaws that serve as a risk to manufacturers and users.
According to a press release, the Kaspersky Lab tested 13 common car sharing apps and found that each contained several security issues. Similarly, the report found that malicious users are already making money from accounts stolen through these apps.
SEE: Mobile device computing policy (Tech Pro Research)
Once a criminal has gained access through the app they could then steal the vehicle, its details, or cause damage to it, according to the report. An attacker could manipulate the system in a variety of ways, including riding for free—or, more seriously— spying on users.
Perhaps more concerning is the amount of personal user information that is made vulnerable during these attacks. According to the report, even if a user believes they are connected to a legitimate car sharing site, they might be redirected to the attacker's site, granting the attacker access to passwords, PIN numbers, and the like.
Similarly, the report found another app vulnerability: Absence of defenses against reverse engineering. Because of this, hackers who understand how the app works can find vulnerabilities that allow them access to server-side infrastructure, the report noted.
User credentials could be stolen if the app doesn't have protection against app overlaying techniques. According to the report, this makes it easier for malicious apps to show phishing windows.
The report also noted that criminals could carry out illegal actions and steal personal data under other people's identities.
The Kaspersky Lab offered advice on how to avoid becoming a victim of such crimes. The report noted that Android users shouldn't root their devices, because this opens capabilities for malicious apps. Additionally, the report advised keeping your devices' software up to date and install security solutions to defend against cyberattacks.
The big takeaways for tech leaders:
- A report from the Kaspersky Lab found that 13 common car sharing apps contain vulnerabilities that could lead to personal data theft.
- To defend against attacks, the release encouraged mobile users to add more security to their phones.
- Reducing the risks of BYOD in the enterprise (TechRepublic)
- Free PDF download: A Winning Strategy for Cybersecurity (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Is your Android phone a 'toxic hellstew' of vulnerabilities? There's an app to help you find out (ZDNet)
- How to build a secure mobile app: 10 tips (TechRepublic)
Laurel Deppen is the 2018 summer Editorial Intern for TechRepublic. She is a student at Western Kentucky University.