17 Apr 2017

In the past, we’ve told you about how manufacturers won’t make safer IOT devices until consumers demand it. We’ve also told you that downloading apps without verifying them might not hurt you now, but is the first crack that will lead to a larger breach in the future. Unfortunately, those facts are now combining into a powerful 1,2 cybersecurity punch in the last place you need it, your car.

Given how important our cars are to us, it’s no surprise that smartphone apps that do everything from telling you where the nearest gas station is to running diagnostics on your car have popped up by the dozen. Tesla even has a feature for their cars that allows it to pull out of a parking spot and up to driver without anyone in the car. As great as it is pretending you’re in Night Rider, the abundance of auto apps has made the marketplace for them full of potholes that could stop you and your car in your tracks. Recently, two Russian security experts from a firm called Kaspersky tested 9 different Android car connected auto apps and found that the apps weren’t even close to being secure. For example, 8 out of 9 apps stored the username, password, or both used to access the app as unencrypted data on the phone. Since these apps connect to cars, all it would take for a hacker to be able to do something like unlocking a locked car without a key would be to access the login credentials through the phone and hack the app. Thanks to the abundance of auto apps, a hacker would simply need to create a fake app that was carrying malware. Once the app was downloaded they could easily steal login credentials and access other parts of the phone.

The good news is that a flaw like this can be easily fixed, the bad news is that the people making the apps and cars they connect to have no reason to do so until consumers demand it. Just like manufacturers of IOT devices, the people making the apps are not worrying about their cybersecurity code because there haven’t been enough instances of cars being hacked through apps to worry consumers. Just because it hasn’t happened on a wide scale yet doesn’t mean we shouldn’t be preparing for hackers to target cars through apps, because hackers already are. On online hacking forums posts have been seen that offer to pay hackers to breach certain auto apps and retrieve the VIN number of the connected vehicle while also stealing the user’s login credentials.

Remember though, as of now popular auto apps are missing basic security features such as encryption and two-factor authentication. Most phones today even have a fingerprint scanner built in, so fixing these apps isn’t an impossible task. It’s up to you to make sure it happens though. If you want to help secure the future of auto connected apps the first step would be making sure you don’t support apps that don’t put user security first. This should be easy considering that by doing so you’ll be protecting your own privacy. If it becomes common practice to only download auto connected apps that have basic security features and to avoid unverified apps, then app manufacturers will be forced to make those features standard if they want a chance at being downloaded.

As of now the only thing standing between hackers and your car if you have an auto connected app is a chain link fence, and the hackers have plenty of wire cutters. If you want to put a solid stone wall up instead of a fence, take the time to research cybersecurity and make smart downloads.

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top