Android for cars: Secure connection?

Fast-forward 17 years and there are apps for everything — even your car. Chances are, if an app might make part of your life easier, someone will develop it and plenty of people will use it.

Over the past few years, the concept of the connected car has continued to evolve — and become reality. At this year’s RSA Conference in San Francisco, our anti-malware researchers Victor Chebyshev and Mikhail Kuzin presented research that they conducted on seven popular apps for vehicles.

The apps seem to make users’ lives easier by linking their Android devices to their automobiles, but we have asked: Are we trading security for convenience? And as with many IoT connected devices, the answer is, security needs to become more of a priority for developers and manufacturers.

The primary functions of these apps are to open doors and in many instances start the car. Unfortunately, flaws in the apps could be exploited by attackers:

No protection against application reverse engineering. As a result, malefactors can dig in and find vulnerabilities that give them access to server-side infrastructure or to the car’s multimedia system.
No code integrity check. This allows criminals to incorporate their own code in the app, adding malicious capabilities and replacing the original program with a fake one on user’s device.
No rooting detection techniques. Root rights provide Trojans with almost endless capabilities and leave the app defenseless.
Lack of protection against overlaying techniques. This allows malicious apps to show phishing windows on top of original apps’ windows, tricking users into entering login credentials in windows that send the info to criminals.
Storage of logins and passwords in plain text. Using this weakness, a criminal can steal users’ data relatively easily.

Upon successful exploitation, an attacker can gain control over the car, unlock the doors, turn off the security alarm and, theoretically, even steal the vehicle.

The researchers disclosed their findings to the developers (they did not disclose names of the apps publicly) and also told them that no exploitations had been seen in the wild. A full, detailed report on this can be found over on Securelist, where each of the apps is evaluated.

It’s easy to bury your head in the sand, thinking you won’t be hacked or that this is the stuff of science fiction, but the truth is, ever since its invention, the automobile has been a target for criminals. And if there is a hack to make things easier, just imagine the possibilities.

Another thing to keep in mind is that we’ve already seen vulnerabilities allow smart white-hat hackers to make the jump from “benign vulnerability” to controlling a car. Two of the bigger automotive stories of the past two years was about how Charlie Miller and Chris Valasek took control of a Jeep via vulnerabilities.

 

Ultimately, personal security and app usage come down to personal preference. Who we share our data with or entrust our convenience to is really up to us. With IoT devices and apps, convenience is too often considered before security.

In closing, Chebyshev notes:

“Applications for connected cars are not ready to withstand malware attacks. We expect that car manufacturer will have to go down the same road that banks have already taken with their applications… After multiple cases of attacks against banking apps, many banks have improved the security of their products.

“Luckily, we have not yet detected any cases of attacks against car applications, which means that car vendors still have time to do things right. How much time they have exactly is unknown. Modern Trojans are very flexible — one day they can act like normal adware, and the next day they can easily download a new configuration, making it possible to target new apps. The attack surface is really vast here.”

Share or Bookmark this post…
  • LinkedIn
  • Facebook
  • Google
  • TwitThis

IS YOUR CAR STILL WHERE YOU PARKED IT?



According to FBI reports, in 2015 in the US alone, a motor vehicle was stolen every 45 seconds.

We spend only a fraction of our time in our cars that we spend a lot of money on, so it’s good to know what goes on with our cars when we’re not around to watch them.

We can’t scare the thieves away or arrest them, but you’ll get a notification to your phone every time someone tries to compromise your car or tamper with the device – even when someone just hits your car while it’s parked, and tries to get away with it. The notification you receive from We will allow you to catch thieves or reckless drivers.

Even if you’re too late to catch the perpetrators on spot, We allows you to monitor the movement of your vehicle and report the location of your car to the authorities so they can retrieve it and return it to the safety of your garage.

With we car tracking feature you can even park your car wherever you like while you run your errands, without ever worrying if your car is safe or if you can remember where you parked it. We provides you peace of mind while your car is parked.

Share or Bookmark this post…
  • LinkedIn
  • Facebook
  • Google
  • TwitThis

What Car Warranty is Best for Me?

 

Whether you're shopping for a new or used car, most people have a general idea that a warranty is a good idea. Warranties are often considered to be a form of "insurance" - you pay out a fee and in exchange, your car will be fixed if anything on it breaks, but unfortunately, it's not quite that simple. There are different types of warranties and a warranty might not necessarily cover everything that you think it will. Here is everything you need to know:

What Exactly is an Auto Warranty?

A warranty is a contract between either you and your dealership or you and your manufacturer. At its simplest, a warranty sets out a specific amount of time and mileage; any defects and repairs that are necessary under that time and mileage amount are automatically covered under warranty. Warranties usually last around three years or 36,000 miles. They can also be extended upon vehicle purchase. This is very common when used vehicles are purchased. 

But an auto warranty is not a type of insurance even though it is often presented as one. Auto warranties are only designed to fix parts that are considered to be defective or faulty. They are not designed to fix parts that have broken down from wear-and-tear, collisions or other issues. There are also different types of auto warranties that you need to understand.

What Types of Warranty Coverage Exist?

  • Drivetrain and powertrain warranties - These warranties are designed to ensure that the very essential components of the vehicle last: the engine, transmission and the associated parts. Drivetrain and powertrain warranties protect against manufacturer defects of these components but will be voided if they haven't been properly serviced (such as with regular oil changes).
  • Bumper-to-bumper warranties - The standard bumper-to-bumper warranty is a three-year warranty (or 36,000 miles) that governs the parts of the vehicle from bumper-to-bumper. If these parts are considered to be defective, they will be repaired as needed.
  • Rust or corrosion warranties - This type of warranty is rarer but may be tacked on to the other warranty. This covers rust and corrosion if it occurs due to a defect.
  • Federal emissions warranties - This warranty is more popular now and will cover any repairs necessary to ensure that the vehicle meets its emissions standards.
  • Roadside assistance - This is another specialty warranty that offers roadside assistance if a vehicle breaks down. Most people already have this through their insurance.

How Does a Warranty Work?

To go through a warranty, you must first contact the vehicle entity you have a relationship with: either your dealer or your manufacturer. They will then direct you to the repair shop that will work with you. 

Warranties can be voided if an individual does not maintain their vehicle properly. Auto Tek provides complete auto services that will ensure that all the parts of your vehicle are well-maintained so that you can stay within your warranties. Contact our team of professionals today!

Share or Bookmark this post…
  • LinkedIn
  • Facebook
  • Google
  • TwitThis

Advanced Defensive Driving: Take it to the Next Level


According to the National Safety Council, a preventable accident “is one in which the driver failed to do everything that reasonably could have been done to avoid the crash.” Experts agree that driving defensively is your best bet at making sure a crash, collision, or accident doesn’t happen to you. We’ve already discussed the basic concepts behind defensive driving, which include scanning and visualizing everything, having an escape route, and not becoming distracted. Now let’s consider some more advanced, preventive measures a responsible driver can take to avoid a potentially life-threatening crash.

Maintain Your Car

Regular maintenance on your car significantly helps its road performance, especially in potentially hazardous driving situations. You can’t drive a car defensively if its tires are in need of air, windows, rearview mirror, and signal lights are dirty, and brake pads are worn to shreds. Here are a few steps you should take to keep your car running safely and efficiently:

  • Check Your Tires Make sure your tire pressure is where it should be. The recommended pressure for your car’s tires will be in your owner’s manual or in the driver’s side door jamb. When it comes to purchasing new tires, take into account the weather in your part of the country. Four snow tires total is the safest way to go if you anticipate driving in snow and ice.
  • Align Your Tires If while driving your car seems to drift to one side or the steering wheel vibrates, you may need to have the tires aligned. Alignment actually refers to a car’s suspension, which can move out of alignment over time due to normal driving, a minor accident, or bumping against a curb. Check your owner’s manual to see how often your car’s manufacturer recommends aligning your car’s tires. Alignment helps to ensure better handling, which is crucial for good defensive driving, as well as better gas mileage.
  • Clean Your Car A dirty windshield or rearview mirror will prevent you from scanning and visualizing the road for potential dangers. And grimy signal lights or head lights will prevent other drivers from seeing you in bad weather or at night, which pretty much negates any effort you make to be a good defensive driver.
  • Change Your Brake Pads If when braking, you hear squeaking or grinding, your brake pads may be worn out and in need of replacement. Knowing how and when to brake, especially in inclement weather, is a crucial skill for defensive driving. If you have an antilock brake system and need to stop in on an icy road, stomp on the pedal and when you feel the system’s pulses or hear it working, ease up a bit on the pedal until it’s only pulsing about once a second. If you don’t have ABS, you should push the brake hard and when the wheels stop turning, lift your foot so the wheels turn and rapidly press the brake again.

Other Advanced Defensive Driving Tips

  • Yield, Move, Get Out Of The Way Driving defensively, for the most part, involves avoiding overly aggressive drivers. It may be frustrating to just step aside in order to give a bad driver room to do whatever they want, but it is the safest thing to do, not only for yourself but for everyone else on the road. When you encounter a speeding driver pressuring you to go faster, move into another lane, even if it means going slower. As a defensive driver, accept the fact that you may have to sacrifice your right of way in order to avoid a speeding ticket or collision.
  • Plan a Route To avoid a time-consuming and potentially dangerous drive, plan out your route out in advance based on current weather, traffic, and road conditions. Local websites, radio, and even iPhone apps can provide you with the information you need before you hit the road and find yourself navigating road construction or an end-of-the-week traffic jam.
  • Take a Course There’s nothing wrong with taking a driving course to brush up your skills, even if you’ve been driving for years. The AARP even offers a very inexpensive driver safety course in both classroom and online environments. Check with your agent to see if completing a driving course will give you discount on your car insurance or on roadside assistance plans.
Share or Bookmark this post…
  • LinkedIn
  • Facebook
  • Google
  • TwitThis

Buying Peace of Mind: How to Buy a Used-Car Warranty



A certified pre-owned car with a warranty provided by the manufacturer is the safest bet in the used-car world. But if you’re not buying a CPO car from a franchise dealer, can you still get a warranty? Yes, but buying one can be tricky. The fact is, we all hope to find a company that will warranty a used car with 150,000 miles on it, sight unseen. But such companies don’t exist because there’s no way they can, as an example, buy everyone a new engine and transmission and still stay in business. So let’s look at the realistic options: Some dealer groups and used-car chains offer their own CPO warranty programs, but coverage is usually minimal. CarMax, which has more than 100 locations across the country, certifies its own cars, and everything it sells has a “limited 30-day warranty,” which is actually 60 days in Connecticut and 90 in Massachusetts due to local laws. CarMax also offers “MaxCare,” an extended service plan that expands the coverage to most of the mechanicals except for wear-and-tear items, fluids, wheels, glass, and trim. Check the website, which details what is and isn’t covered. Prices vary according to the coverage and car.

2010–2012 Chevrolet Camaro: A Certified Pre-Owned Guide
Feature: Pre-Owned Programs by Make and Model
Certified Pre-Owned: 2005–2009 Ford Mustang GT
There are also aftermarket warranties: In December 2009, we checked these out, and we didn’t like what we saw. A cluster of companies, most based in the St. Louis area, used high-pressure tactics to get signatures on warranty deals. One of the biggest, US Fidelis, previously known as National Auto Warranty Services, went bankrupt, and at least two of its executives went to prison. To avoid a scam, look for a company that has been in business for a long time. EasyCare, for instance, has been around since 1984. It was formerly purchased and owned by Ford, but the company’s employees and equity partners bought it back in 2007. The company sells its contracts outright, or through more than 2000 dealers, and while it recommends that you use the selling dealer for service, any licensed repair facility is acceptable. There are four different levels of coverage, and price varies by the level, the vehicle, and its mileage. The costs, however, are often negotiable.

Share or Bookmark this post…
  • LinkedIn
  • Facebook
  • Google
  • TwitThis

Ransomware: The Next Big Automotive Cyber security Threat?



Dozens of researchers have now shown that it’s possible to hack into a car and commandeer its controls. But in the real world, such dire automotive cyber attacks have yet to materialize.

That shouldn’t lull anyone into a false sense of security.  Both terrorists and hackers pose a serious threat to connected automobiles—and as many as three-quarters of new cars are expected to have internet connectivity on board by 2020, according to John Carlin, assistant attorney general for national security at the U.S. Department of Justice. Carlin said many vehicles, including self-driving cars, may soon be in danger of having their systems compromised. Also recognizing the problem, the National Highway Traffic Safety Administration (NHTSA) has just issued Cybersecurity Best Practices for Modern Vehicles, a guide for the auto industry.

“We’re on the cusp of a transformation, and the auto industry is at the front of that transformation,” Carlin said. “We can’t make the mistake again of not building in cyber security by design on the front end and preventing espionage or loss of life.” One of the most ominous cyber threats to cars could be the use of ransomware, a type of malware that literally locks users out of their systems–in this case, cars—until they pay a ransom to regain control.

This scourge has affected thousands of computer systems, ranging from individual PCs to networks in hospitals and other institutions. In a typical ransomware attack, the user is locked out and his or her data is encrypted or otherwise made inaccessible. Too often, the only recourse has been to pay.

“They want to drive trucks into civilians, and it’s not too much to think they can hack a car and do the same thing.”
– John Carlin, U.S. Department of Justice

“The current ransomware business model works well because the attackers ensure that the price paid is well worth the data restored,” explained Tony Lee, technical director at security research firm FireEye. “Can home users put a price on precious family photos or financial documents? Can organizations put a price on critical information necessary to conduct business? If that answer is yes and the price is low enough, the ransom will be paid.”

The same rationale can be extended to vehicles. Approximately 250 million connected cars are expected to be on roads worldwide by 2020, according to a 2015 analysis by technology consulting firm Gartner, making connected cars the next potential market for hackers. These attacks could range from simply locking motorists out of their vehicles to locking them inside; a more ominous scenario would allow hackers to freeze the ignition, essentially “bricking” the car and making it completely unusable.

Stephen Cobb, the senior security researcher at security provider ESET, recently coined the term “jackware” to distinguish this specific kind of automotive ransomware. He says that, although it hasn’t yet been encountered, there is little doubt it is already in development.

“The computer systems are designed, features are designed, products are brought to market, and people adopt them,” he said. “On the other side, hackers speculate, probe, develop a proof of concept, attack, and then finally monetize the threat.”

Fleets Might Be a Top Ransomware Target

Ransomware has long relied on social engineering to be successful—disguising itself in what might appear to be a helpful warning to fool unsuspecting users into exposing their operating systems. Think back to warnings you may have received that your computer was infected with a virus and you needed to pay to have it cleaned.

In vehicles, this could appear to be anything from warnings about vehicle warranties and services to notifications that a satellite-radio subscription will soon expire to threats of traffic violations. An unsuspecting motorist could react quickly to such warning, and suddenly find the car locked or worse.

“The bigger threat would be the possibility of disabling the vehicle in some way,” Lee said. “For example, locking the car, disabling the ignition, or engaging the emergency brake. The variety of ransomware will only be limited by the attacker’s creativity.”

If there’s good news, it’s that the effectiveness of any type of this scareware will quickly decline once motorists become aware of the avenue of attack.

Consumer vehicles may not be the primary target for these directed attacks, however. Commercial businesses and government agencies could find themselves on the receiving end of targeted attacks that take out an entire fleet of vehicles.

“Fleets and infrastructure act as a multiplier,” Lee said. “For example, if the average individual would pay $20 to regain control of their vehicle, imagine what a car-rental organization would pay–especially when they consider the cost for their loss of business and reputation. For well-organized attackers, this may end up being a numbers game, which may be similar to credit card theft and sale.

What Auto Execs Can Learn from Aviation

 

 Nearly three-quarters of vehicles sold this year will have a telematics system, according to Colin Bird, senior analyst of automotive technology at IHS Markit, and the likelihood of attacks will increase as more vehicles become more connected. At the same time, vehicle defenses haven’t yet caught up to the potential problems.

“There is no firewall between the telematics and data buses,” Bird said. “Right now, we’ve seen how hackers can take control by accessing the software ports, but they can also use RFID connections and soon it will be through the unprotected telematic systems. Right now, only certain OEMs are being proactive and are starting to install firewalls, but again, most cars have no security in place.”

“For well-organized attackers, this may end up being
a numbers game, which may be similar to credit-card
theft and sale.” – Tony Lee, FireEye

In catching up, the automotive industry may take a cue from other sectors in the transportation industry. Travel-technology provider SITA released its 2016 Airline Passenger IT Trends Survey, which found that 91 percent of airlines plan to invest in cyber security. This came after hackers infiltrated U.S. air-traffic-control systems last year, which grounded planes and put the detailed travel records of millions of people at risk.

In September, a FAA advisory body recommended that cyber security measures be taken to ensure that airline systems, as well as aircraft, can’t be hacked. This included calls for future industry-wide standards that would affect everything from aircraft design to flight operations to maintenance practices.

The auto industry will have to follow a similar plan, especially since there are already so many aftermarket products that run on proprietary software. Those efforts are underway; the automotive Information Sharing and Analysis Center (Auto-ISAC), a voluntary group of automakers and key suppliers focused on emerging cyber threats, started up in January.

But in the automotive world, the threats may be more complex. Today, a car can have upward of 30 million lines of code, meaning there are increasing opportunities for someone to do the wrong thing.

Share or Bookmark this post…
  • LinkedIn
  • Facebook
  • Google
  • TwitThis