In the era of the connected car, automakers and third-party developers compete to turn smartphones into vehicular remote controls, allowing drivers to locate, lock, and unlock their rides with a screen tap. Some apps even summon cars and trucks in Knight Rider fashion. But phones can be hacked. And when they are, those car-connected features can fall into the hands of hackers, too.
That’s the troubling result of a test of nine different connected-car Android apps from seven companies. A pair of researchers from the Russian security firm Kaspersky found that most of the apps, several of which have been downloaded hundreds of thousands or over a million times, lacked even basic software defenses that drivers might expect to protect one of their most valuable possessions. By either rooting the target phone or tricking a user into installing malicious code, the researchers say, hackers could use any of the apps Kaspersky tested to locate a car, unlock it, and in some cases start its ignition.