Kaspersky Lab examined 13 car sharing applications from developers across various markets, which had been downloaded from the Google Play store more than one million times. The investigation found that all of the applications contain a multitude of security issues. "Our research concluded that, in their current state, applications for car sharing services are not ready to withstand malware attacks," said Victor Chebyshev, security expert at Kaspersky Lab.
The software company emphasises that although no attacks on car sharing services have been recorded yet, the data protection risks are nonetheless severe. There is no defence against man-in-the-middle attacks that continue to crop up in keyless vehicle access. Users are also not protected against reverse engineering, meaning criminals can hack the application functions and exploit vulnerabilities. Using app overlaying techniques malicious apps are able to show phishing windows and steal users’ personal data. According to Kaspersky, weak passwords and shared root privileges pose a similar risk.
Kaspersky Lab advises caution with use of car sharing apps
The results of the investigation are particularly alarming as a survey by Kaspersky Lab concerning app security showed that users are more careless with these applications. In comparison to other apps, users see these apps as presenting a less significant danger. Kaspersky advises users of car sharing apps to take the following measures: never root smart phones, always perform updates and install a trusted security solution.