Apps continue to make our lives more convenient but at what cost?

Researchers at one Russian firm say that the price we pay is security, with their latest findings making worrying reading for users of Android car control apps.

They have detected a 'vast' array of flaws in the coding of apps from a number of high profile car manufacturers, which could allow hackers to steal or take control your vehicle.

Scroll down for video

Analysts at a Russian computer security firm have detected numerous flaws in software supplied by car companies to control their vehicles

Many car manufacturers now supply proprietary apps which allow users to open doors and even start the car using only their phone.

But according to a report by Russian anti-virus and computer security firm Kaspersky, several flaws in such apps could be exploited by attackers.

Once successfully exploited, an attacker could gain control over the car, unlock the doors, turn off the security alarm and, even steal the vehicle.

As well as opening up cars to potential thefts, hackers using mobile apps could possibly get the GPS coordinates of a car, trace its route, open its doors, start its engine, and turn on its auxiliary devices.

For their study, research and development specialist Victor Chebyshev and malware analyst Mikhail Kuzin took seven of the most popular apps from well-known brands and tested the apps for vulnerabilities.

They found a number of flaws which could allow hackers to gain varying degrees of control through each app.

The researchers have now disclosed their study with the developers of the apps in question, but until the security holes are plugged users remain vulnerable.

POTENTIAL FLAWS IN CAR APPS Kaspersky reports car apps could be exploited by attackers in the following ways: No protection against application reverse engineering. Hackers can dig in and find vulnerabilities that give them access to server-side infrastructure or to the car's multimedia system. No code integrity check. This allows criminals to incorporate their own code in the app, adding malicious capabilities and replacing the original program with a fake one. No rooting detection techniques. Rooting gives hackers access to the Android operating system code and provides Trojans with almost endless capabilities, leaving apps defenceless. Lack of protection against overlaying techniques. This allows malicious apps to show phishing windows, tricking users into entering login credentials in windows that send the information to criminals. Storage of logins and passwords in plain text. Passwords are not encrypted. Using this weakness, a criminal can steal users' data relatively easily. Advertisement

Flaws could allow hackers to gain varying degrees of control through each app tested, from unlocking the doors to turning off the security alarm and even stealing the vehicle

A full report with an evaluation of each of the apps tested can be found at Kaspersky's Securelist.

About their findings, Mr Chebyshev said: 'Applications for connected cars are not ready to withstand malware attacks.'

'We expect that car manufacturers will have to go down the same road that banks have already taken with their application.'

'After multiple cases of attacks against banking apps, many banks have improved the security of their products.'

'Luckily, we have not yet detected any cases of attacks against car applications, which means that car vendors still have time to do things right.'

'How much time they have exactly is unknown. 'Modern Trojans are very flexible — one day they can act like normal adware, and the next day they can easily download a new configuration, making it possible to target new apps.'

'The attack surface is really vast here.'