Car management apps can remain connected to owners’ phones even after the automobile is sold to someone else, a computer security researcher has cautioned.
IBM researcher Charles Henderson stated his phone had stayed linked to a car for “years” after he had sold it.
Mr Henderson contacted automobile makers to do a better job of separating former owners from their automobiles.
The research comes as Kaspersky Laboratory reports security issues with seven Android apps for cars.
In a speech at the RSA Security conference, Mr Henderson stated that regardless of selling a car years ago he still understood where it was because there was no process in place to unhook connected-car apps from previous owners.
“The vehicle is truly smart, but it’s not clever sufficient to understand who its owner is, so it’s not smart enough to know it’s been re-sold,” Mr Henderson informed the CNNTech news site.
The connection to Mr Henderson’s phone continued although he had purged all personal information from it prior to taking it to be re-sold, he composed on a blog site about his discovery. He did not define which car he was still connected.
Although there were procedures in place to make sure all the keys to a car were turned over, manufacturers and automobile dealerships had no chance to detach vehicle apps, he stated.
Research by IBM suggested a lot more “smart” devices stayed linked to old owners when they were sold on, Mr Henderson stated.
“Do not presume you’re the only authorized user of a smart device,” he included. “Verify it.”
At the same conference, Kaspersky published research about problems with seven Android apps utilized to connect to cars.
6 of the applications checked by Victor Chebyshev and Mikhail Kuzin did not encrypt user names and none had good defenses against reverse engineering methods or hijacking by malware.
“An evildoer can discreetly and rapidly perform all of the actions in order to steal a vehicle without breaking or drilling anything,” wrote the researchers in a paper explaining their work.
