Vulnerabilities in Car-Sharing Apps

By: Vic Krens
On: September 23, 2018
Print Friendly, PDF & Email
About Vic Krens


   

 

Car-sharing applications, like Uber and Car2Go, do not really need an introduction. These days it is as easy to order or rent a car through an application as it is to order food through an application.  But are users of car-sharing applications aware of the privacy risks that are involved by using these applications? Car-sharing applications allow people to communicate with other people in the process of sharing cars. The aspect of pooling cars can be used to eliminate the challenges associated with traffic and maintenance of a car. The car-sharing application allows people to use rented cars to conduct their personal activities such as going shopping and returning the vehicle back or simply get in someone their car while they drive you around. Through the application, the users are able to share information about traffic and the state of the roads within a certain locality (Dias et al. 1308). Each of the user has to open up an account with the application and register to enjoy the services. The challenge with the application is that the user has to provide personal details including names, besides payment is made through the application’s portal, so the user has to provide relevant bank details.. The application connects the users via a wireless communication, and so it becomes possible for potentional attackers to access the network through hacking (Manovich 11). According to the United States (U.S) Government Accountability Office (GAO), the car-sharing application poses a great threat to the privacy of the users (Bécsi, Aradi, and Gáspár 14). The applications are interconnected with the car’s sensors so that they can monitor the internal and external environment of the car. The system interconnecting the car sharing application uses a wireless network, and is able to transmit gathered information. However, consumers should be worried about their confidential information since the apps do not have strong security features to thwart attackers. Apart from being hacked, the car-sharing applications may capture information that is deemed private. For instance, the information captured may include the behavior pattern of the driver, and the type of data found in his/her mobile phone. Also, the application can upload any other private information contained in the car’s computer system such as health and biometric data records. The risk of exposing user’s private information is high while using the car-sharing applications. The user’s personal and bank information may be stolen and used to access bank accountsand steal their money. Also, the private information exposed by the car-sharing application may infringe the rights of the user through exposure of the user’s health information to manufacturers or other users of the same application (Dias et al. 1311). Therefore, there is a need to understand the risk associated with using applications in car sharing. Moreover, the car sharing application may give the precise location of the user which may be used to conduct criminal activities such as abduction and hijacking.

Technology has enhanced information sharing among travelers through a number of dedicated applications. Drivers share information about traveling, traffic, and travel routes through the car sharing application. Car owners are required to submit personal data and information to become members and acquire login details for the particular application. The sharing of information makes the lives of the users much easier and transactions become more convenient. However, there are flaws within the car-sharing applications that put personal data and information ofthe user in jeopardy (Bécsi, Aradi, and Gáspár 21). The programming flaws are likely to be utilized by attackers through hacking or by the use of reverse engineering. A study carried out by the Kaspersky Lab found thirteen car-sharing applications that had security flaws (Chebyshev). Kaspersky Lab tested the applications and found out that it was possible for attackers to steal user login details, lock out the authorized user, and continue operating using stolen (Chebyshev). The report stated that malicious users are already making fortunes using the stolen accounts. Also, the study found out that it was possible for an attacker to use the stolen accounts to direct unsuspecting members to a site where they force them to provide credit cards, Personal Identification Numbers (PINs), and Passwords to their bank accounts.

As stated before, the vulnerable car-sharing applications give attackers the opportunity to use reverse engineering attackers to access the system servers. There are various malicious actions an attacker can take after gaining access to the servers or the users’ personal information. The most important aspect is to ensurethe security features of the application are up-to-date (Coppola and Marisio 46). So, users of the car-sharing applications are encouraged to add more security features to their mobile phones to thwart attempts from attackers.

In conclusion, there is a need to limit the amount of information that can be collected by the car-sharing application. The manufacturers or designers of the application should customize it to minimize the risk of exposing pertinent information about the users. Further, policies should be developed to governand ensure order with the use of car sharing applications (Puschmann and Ausserhofer 13). Users should evaluate how their information is safe while they use the car sharing application. The policies should focus on data security, access, and accuracy of captured information, individual management of the captured information, and accountability.  But will these threats be enough to stop using car-sharing applications?

 

Literature

Bécsi, Tamás, Szilárd Aradi, and Péter Gáspár. “Security issues and vulnerabilities in connected car systems.” Models and Technologies for Intelligent Transportation Systems (MT-ITS), 2015 International Conference on. IEEE, 2015.

Coppola, Riccardo, and Maurizio Morisio. “Connected car: technologies, issues, future trends.” ACM Computing Surveys (CSUR) 49.3 (2016): 46.

Dias, Felipe F., et al. “A behavioral choice model of the use of car-sharing and ride-sourcing services.” Transportation 44.6 (2017): 1307-1323.

Manovich, L., 2011. Trending: The Promises and the Challenges of Big Social Data, pp.1–17.

Puschmann, Cornelius, and Julian Ausserhofer. Social Data APIs: Origin, Types, Issues. In The Datafied Society: Studying Culture through Data, edited by Mirko Tobias Schäfer and Karinvan Es, 147–154. Amsterdam: Amsterdam University Press, 2017.

Chebyshev, Victor. “A Study of Car Sharing Apps.” Securelist – Kaspersky Lab’s Cyberthreat Research and Reports, 25 July 2018, securelist.com/a-study-of-car-sharing-apps/86948/.

Leave a Reply