It is no longer unusual for our phones to control the most sensitive parts of our lives, including our vehicles, the main mode of physical transportation for many of us. The same applies to other vital, similarly controlled systems such as healthcare equipment and financial transaction services. But app-controlled vehicles hold a distinct place in our lives: they make so many things physically possible, or not.

When we start our vehicles, lock or unlock the doors, or pre-set the climate control from a phone, we as consumers are rarely mindful of the potential cyber fallout of using an app to control parts of our ride. The manufacturers of vehicle apps, however, have a substantial list of risks they need to address in 2024 to keep their users safe.

#1 OWASP’s latest list

First off, the recently published 2024 OWASP Mobile Top 10 list serves as a key reminder that prioritizing mobile app security is paramount, especially for apps connected to devices that can quite literally make the difference between life and death. And, as observed by many outlets, there were some notable changes in this latest update to the OWASP Mobile Top 10 list.

It is imperative that vehicle app manufacturers ensure they have tackled all ten of the listed threats:

  • M1: Improper Credential Usage
  • M2: Inadequate Supply Chain Security
  • M3: Insecure Authentication/Authorization
  • M4: Insufficient Input/Output Validation
  • M5: Insecure Communication
  • M6: Inadequate Privacy Controls
  • M7: Insufficient Binary Protections
  • M8: Security Misconfiguration
  • M9: Insecure Data Storage
  • M10: Insufficient Cryptography

Recently, Verimatrix published its latest whitepaper on the OWASP Mobile Top 10 list that serves as a developer’s guide to securing, detecting, and responding to threats to mobile apps. Check it out!

#2 Proper key handling as well as replay & relay attacks

Triple check that key handling is correct, and make sure there is suitable protection against replay and relay attacks, which can be devastating for individual vehicle app users on a pretty grand scale. Here is why. A replay attack succeeds when the unlock or start protocol lacks freshness: if the message that opens the car is the same every time, or is accepted regardless of when it was issued, an attacker who records it once can simply send it again later. The fix is to bind every command to a fresh, single-use challenge from the vehicle and a monotonically increasing counter, authenticated with a key that lives only in the vehicle and in protected storage on the phone. A relay attack is different and equally dangerous: the attacker does not break the cryptography at all, but places a pair of radios between the phone (or fob) and the vehicle and forwards the genuine traffic in real time, so the car believes the owner is standing next to it when they are actually far away. Because every relayed message is authentic and fresh, replay protection does not stop it; defeating relay requires measuring distance or round-trip time, or requiring an explicit action from the user before the vehicle acts.
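To make the replay point concrete, here is an added example (not Verimatrix's code or any vendor's protocol) contrasting a naive unlock message, which is a static MAC'd command and can be recorded and re-sent, with a challenge-response design that binds each command to a single-use nonce from the vehicle and a monotonic counter. The key, message layout and command name are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo key; a real deployment provisions one per vehicle/user and
# keeps it out of plain app storage (see OWASP M9/M10).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

TAG_LEN = 32      # HMAC-SHA256 output length
COUNTER_LEN = 8   # big-endian uint64 command counter


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


# --- Replayable design: authenticated, but no freshness at all -------------
def naive_unlock_message(key):
    cmd = b"UNLOCK"
    return cmd + _mac(key, cmd)          # identical bytes every time


class NaiveVehicle:
    def __init__(self, key):
        self.key = key

    def handle(self, msg):
        if len(msg) <= TAG_LEN:
            return False
        cmd, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        # MAC is valid forever, so a recorded message is accepted again.
        return hmac.compare_digest(_mac(self.key, cmd), tag)


# --- Hardened design: vehicle nonce + monotonic counter + HMAC -------------
class Vehicle:
    def __init__(self, key):
        self.key = key
        self.last_counter = 0        # highest counter accepted so far
        self.pending_nonce = None    # outstanding challenge, single use

    def challenge(self):
        self.pending_nonce = os.urandom(16)
        return self.pending_nonce

    def handle(self, msg):
        # Consume the nonce whether or not the message verifies.
        nonce, self.pending_nonce = self.pending_nonce, None
        if nonce is None or len(msg) <= COUNTER_LEN + TAG_LEN:
            return False
        cmd = msg[:-(COUNTER_LEN + TAG_LEN)]
        counter_bytes = msg[-(COUNTER_LEN + TAG_LEN):-TAG_LEN]
        tag = msg[-TAG_LEN:]
        # The MAC covers the nonce, so a message made for an old challenge fails.
        if not hmac.compare_digest(_mac(self.key, nonce + counter_bytes + cmd), tag):
            return False
        # Independent second check: counters must strictly increase.
        counter = struct.unpack(">Q", counter_bytes)[0]
        if counter <= self.last_counter:
            return False
        self.last_counter = counter
        return cmd == b"UNLOCK"


class App:
    def __init__(self, key):
        self.key = key
        self.counter = 0

    def unlock_message(self, nonce):
        self.counter += 1
        counter_bytes = struct.pack(">Q", self.counter)
        cmd = b"UNLOCK"
        return cmd + counter_bytes + _mac(self.key, nonce + counter_bytes + cmd)


def demo_naive():
    """Returns (first delivery accepted, recorded copy accepted)."""
    car = NaiveVehicle(KEY)
    captured = naive_unlock_message(KEY)   # attacker sniffs this once
    return car.handle(captured), car.handle(captured)


def demo_hardened():
    """Returns (legit accepted, replay without new challenge, replay after new challenge)."""
    car, app = Vehicle(KEY), App(KEY)
    captured = app.unlock_message(car.challenge())   # attacker sniffs this
    legit = car.handle(captured)
    replay_no_challenge = car.handle(captured)       # nonce already consumed
    car.challenge()                                  # attacker triggers a fresh challenge
    replay_new_challenge = car.handle(captured)      # MAC bound to old nonce, counter stale
    return legit, replay_no_challenge, replay_new_challenge


if __name__ == "__main__":
    print("naive    (first, replay):", demo_naive())
    print("hardened (first, replay, replay after new challenge):", demo_hardened())
```

The hardened vehicle burns the nonce on every attempt, verified or not, so an attacker cannot keep guessing against one challenge, and the counter catches a replay even if a nonce were ever reused. None of this addresses relay: a relayed message is genuine and fresh and would pass both checks, which is why relay defenses have to be built on distance bounding or user intent rather than on the message format.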

#3 Protect corporate servers

Protect the enterprise's servers against attacks that originate via the associated mobile app. The backend APIs the app talks to should never trust the app itself: every request must be authenticated and authorized server-side, with input validated as if it came from an attacker, because a reverse-engineered or modified app is exactly that. The last thing a vehicle manufacturer needs is to unintentionally create a conduit through which cybercriminals gain entry into corporate systems. That can spell disaster, yet the press rarely discusses the mobile app as the potentially major pathway it is for cybercrooks.