In EDS ansehen

Cybersecurity Risks in EV Mobile Applications: A Comparative Assessment of OEM and Third-Party Solutions.

Gespeichert in:
Bibliographische Detailangaben
Titel: Cybersecurity Risks in EV Mobile Applications: A Comparative Assessment of OEM and Third-Party Solutions.
Autoren: Saleem, Bilal, Rehman, Alishba, Hassan, Muhammad Ali, Muhammad, Zia
Quelle: World Electric Vehicle Journal; Jul2025, Vol. 16 Issue 7, p364, 29p
Schlagwörter: ELECTRIC vehicles, MOBILE apps, COMPUTER security vulnerabilities, INTERNET security, RISK management in business, THIRD-party software
Abstract: As the world accelerates toward a sustainable future with electric vehicles (EVs), smartphone applications have become an indispensable tool for drivers. These applications, developed by both EV manufacturers and third-party developers, offer functionalities such as remote vehicle control, charging station location, and route planning. However, they also have access to sensitive information, making them potential targets for cyber threats. This paper presents a comprehensive survey of the cybersecurity vulnerabilities, weaknesses, and permissions in these applications. We categorize 20 applications into two groups: those developed by EV manufacturers and those by third parties, and conduct a comparative analysis of their functionalities by performing static and dynamic analysis. Our findings reveal major security flaws such as poor authentication, broken encryption, and insecure communication, among others. The paper also discusses the implications of these vulnerabilities and the risks they pose to users. Furthermore, we analyze 10 permissions and 12 functionalities that are not present in official EV applications and mostly present in third-party apps, leading users to rely on poorly built third-party applications, thereby increasing their attack surface. To address these issues, we propose defensive measures which include 10 CWE AND OWASP top 10 defenses to enhance the security of these applications, ensuring a safe and secure transition to EVs. [ABSTRACT FROM AUTHOR]
Copyright of World Electric Vehicle Journal is the property of MDPI and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Datenbank: Complementary Index
Beschreibung
Abstract:As the world accelerates toward a sustainable future with electric vehicles (EVs), smartphone applications have become an indispensable tool for drivers. These applications, developed by both EV manufacturers and third-party developers, offer functionalities such as remote vehicle control, charging station location, and route planning. However, they also have access to sensitive information, making them potential targets for cyber threats. This paper presents a comprehensive survey of the cybersecurity vulnerabilities, weaknesses, and permissions in these applications. We categorize 20 applications into two groups: those developed by EV manufacturers and those by third parties, and conduct a comparative analysis of their functionalities by performing static and dynamic analysis. Our findings reveal major security flaws such as poor authentication, broken encryption, and insecure communication, among others. The paper also discusses the implications of these vulnerabilities and the risks they pose to users. Furthermore, we analyze 10 permissions and 12 functionalities that are not present in official EV applications and mostly present in third-party apps, leading users to rely on poorly built third-party applications, thereby increasing their attack surface. To address these issues, we propose defensive measures which include 10 CWE AND OWASP top 10 defenses to enhance the security of these applications, ensuring a safe and secure transition to EVs. [ABSTRACT FROM AUTHOR]
ISSN:20326653
DOI:10.3390/wevj16070364