Popular third-party mobile apps designed for connected vehicles such as Tesla, Nissan, Ford and Volkswagen can retrieve data without the owner’s consent, Kaspersky “Connected Apps” reported Monday.
“The benefits of a connected world are countless. However, it is important to note that this is still a developing industry, which carries certain risks,” said Sergey Zorin, Head of Kaspersky Transportation Security.
One in five third-party apps for connected cars don’t have contact information. This makes it impossible for users to report problems, according to Kaspersky’s ‘Connected Apps’ report which analyzed 69 apps.
“Unfortunately, not all developers take a responsible approach when it comes to data storage and collection, which results in users exposing their personal information. This data may further be sold on the dark web and end up in untrustful hands,” he warned.
Apart from contacts, another thing to watch out for is the potential data usage. Other people who have data from that third party have access to your car.
Most of the third-party applications are used to control the vehicle remotely such as opening or locking doors, adjusting climate control, starting and stopping the engine, and so on.
Most of the car manufacturers have their own official app. However some third-party app developers offer features that the official apps don’t have.
The third-party applications that Kaspersky analyzes cover almost all major vehicle brands, including Tesla, Nissan, Renault, Ford and Volkswagen.
“However, this application is not completely safe to use,” claim Kaspersky researchers.
Kaspersky researchers found that more than half of these applications did not provide a warning about the risk of data usage if the owner entered their personal data to run certain applications.