A team of Kaspersky researchers have found serious vulnerabilities in mobie apps for connected cars that could let hackers track and unlock vehicles, according to a new article from Wired. The report indicates the growing need for more sophisticated digital identity security such as biometric authentication as connected cars continue to get smarter.
The researchers investigated nine smart car Android apps from seven companies, declining to name the car makers in question for fear of tipping off thieves to the security vulnerabilities. They found that by hacking into a phone’s root system or getting users to download malware, they could use the apps to geolocate cars and unlock them (though they only tested their methods on one car model).
The researchers say that they haven’t yet found real-world examples of such malware, but that online black market forums are already seeing posts requesting the kind of data that could be hacked with such software. They also assert that the vulnerabilities could be resolved relatively easily with safeguards like encryption or “adding two-factor authentication or fingerprint authentication,” Wired reports.
Such solutions are readily available, given the preponderance of fingerprint sensors on contemporary smartphones. It’s also worth noting that major car makers are starting to explore the integration of biometric authentication into the cars themselves, with major brands like Continental and Jaguar Land Rover experimenting with fingerprint authentication for ignition and even facial recognition for door unlocking. As car theft goes digital, such measures could help to protect drivers against these new threats.