Millennials’ approach to new services has affected many industries, continuously expanding technological development efforts. Among the services that have gained popularity are transit-oriented mobile apps, which are becoming increasingly sophisticated and offering more ways for users to plan, request, share, and pay for a wide variety of transit options. For instance, comfort, flexibility, and aversion to long-term commitments have led people to use car-sharing services, which are now a permanent fixture in major European cities. The rise of car hire apps like Zipcar and its car-pooling rival BlaBlaCar presents new challenges to mass-market carmakers such as Ford, GM, Volvo, Renault, and Volkswagen, while presenting fresh opportunities for existing rental networks.
However, car-sharing applications are a tempting target for malicious actors, for several reasons. Anyone with a smartphone and a car-sharing application can open a networked parked car, so by hacking the application a malicious actor can hijack legitimate accounts to gain access to cars without paying for them, steal vehicles for their parts, or commit other crimes. Such actors can also track people’s locations and obtain the account holder’s personal information. For instance, the hacking of the car-sharing application car2go (a joint car-sharing program by BMW and Daimler) in April of 2019 resulted in fraudulent rentals of between 100 and 200 high-end luxury cars from its Chicago fleet, which were used for committing crimes. This emergency forced the official suspension of the application until the security hole was neutralised and the safety of individuals was assured. More recently, in 2021, 110 thousand records of Lithuanian CityBee users containing user identities, hashed passwords, personal codes (national identification numbers), driver licenses, CityBee credit limits, and credit card information were sold on a hacker forum.
Specialists in software security have reported on several occasions that many car-sharing applications contain a multitude of security issues. The solutions to some of these issues are not complex, like improving account password strength or avoiding short one-time verification codes, which are vulnerable to brute-force attacks in the absence of login attempt limits. There are, however, more pressing security issues that are harder to address, such as preventing reverse engineering of the application or protecting against the gaining of superuser privileges. Allowing an app to run with high access rights (e.g. on a rooted device) enables an attacker to access sensitive information. Failure to prevent unauthorised individuals from reverse engineering an application increases the risk of someone creating a malicious version of the app. In addition, developers must check the integrity of the original application code to avoid malicious versions running on the device. To mitigate this problem, developers can encrypt sensitive data so that hackers cannot gather personal information after accessing the data.
With the rise of blockchain technology, new forms of protection can enhance car-sharing application security. Besides transparent and secure financial transactions, blockchain technology offers several solutions to the ever-increasing cyber-attacks on these applications, presented below.
Blockchain allows users, their devices, and their transactions to be authenticated without entering a password. Network decentralisation relies on consensus among the involved parties for authentication. Blockchain is thus an intelligent alternative to the password. For instance, when two parties consent to perform a transaction, paying for car rentals through the Secure Sockets Layer certificate limits the possibility of an external breach.
As a decentralised system, blockchain is a network of interconnected nodes without a sole authorisation entity. Moreover, the integration of blockchain in the application makes the system more reliable since it enables tracking attempts to tamper with data and removes intermediaries in any transaction. Therefore, any role involved in the network can prove any personal information leakage while eliminating the possibility of having a middleman and ensuring secured personal data transactions in the application.
Blockchain supports decentralised platforms, allowing developers to store DNS entries securely. This feature eradicates the risk of hacking the car-sharing development infrastructure since it offers an entirely transparent and distributed DNS. Hence, developers have complete control over the domain records, which are immutable without permission. In addition, the use of Keyless Security Infrastructure in blockchain ensures maximum protection by detecting any data manipulation using a hashing algorithm for verification.
Original code integrity
The possibility of registering objects in blockchain enables novel approaches that guarantee virus and malware-free software environments on the devices for running car-sharing applications. These objects can be software programs, applications, application components, or parts of an operating system environment, signed and registered on the blockchain by the development company using unique identifiers and code hashes. Code hashes can verify software components loaded in the device memory and avoid executing in-memory code if the hash mismatches the one registered on the blockchain.
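The check described above can be sketched as follows. This is an added example, not code from the original post: the `ComponentLedger` class is a hypothetical in-memory, hash-chained stand-in for a real blockchain registry, the component names and bytes are constructed, and developer signatures and network consensus are left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed predecessor value for the first block


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ComponentLedger:
    """Hypothetical hash-chained registry of component code hashes."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _block_hash(body: dict) -> str:
        # Canonical JSON so an identical body always yields the same hash.
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def register(self, component_id: str, code: bytes) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"id": component_id, "code_hash": sha256_hex(code), "prev": prev}
        self.blocks.append({**body, "hash": self._block_hash(body)})

    def chain_is_intact(self) -> bool:
        # Recompute every block hash and check each link to its predecessor.
        prev = GENESIS
        for block in self.blocks:
            body = {k: block[k] for k in ("id", "code_hash", "prev")}
            if block["prev"] != prev or block["hash"] != self._block_hash(body):
                return False
            prev = block["hash"]
        return True

    def may_execute(self, component_id: str, loaded_code: bytes) -> bool:
        """Allow execution only if the ledger is intact and the hash matches."""
        if not self.chain_is_intact():
            return False
        # The most recent registration of an identifier wins (an update).
        for block in reversed(self.blocks):
            if block["id"] == component_id:
                return block["code_hash"] == sha256_hex(loaded_code)
        return False  # unregistered components are refused


# Constructed sample components, not real application code.
ledger = ComponentLedger()
ledger.register("unlock-module", b"def unlock(car): ...  # v1")
ledger.register("payment-module", b"def pay(amount): ...  # v1")
```

A loader would call `may_execute` on the bytes it is about to run; a modified component, an unregistered identifier, or an altered ledger entry all result in a refusal.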
As a note of caution, although blockchain appears to be the ultimate solution for security threats or attacks, integrating it into an application is not simple and imposes many technical limitations on developers.
The functionality of the blockchain in an innovative car-sharing app always depends upon people and their practices. Therefore, decentralised app developers need to understand such dynamics before integrating this technology. Determining the safety or risk of a blockchain mobile app requires those broader forms of understanding. Another critical aspect of blockchain technology integration is the volume of authenticating transactions, which affects the application performance and the user experience.
This blog post was written by the Agilia Center team in December 2021.