Your Car's Web Browser May be on the Road to Cyber Ruin
An Anonymous Coward writes:
Study finds built-in browsers across gadgets often ship years out of date
Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn't the case for those that reside within game consoles, televisions, e-readers, cars, and other devices. These outdated, embedded browsers can leave you open to phishing and other security vulnerabilities.
Researchers affiliated with the DistriNet Research Unit of KU Leuven in Belgium have found that newly released devices may contain browsers that are several years out of date and include known security bugs.
In a research paper [PDF] presented at the USENIX Symposium on Usable Privacy and Security (SOUPS) 2025 in August, computer scientists Gertjan Franken, Pieter Claeys, Tom Van Goethem, and Lieven Desmet describe how they created a crowdsourced browser evaluation framework called CheckEngine to overcome the challenge of assessing products with closed-source software and firmware.
The framework functions by providing willing study participants with a unique URL that they're asked to enter into the integrated browser in the device being evaluated. During the testing period between February 2024 and February 2025, the boffins received 76 entries representing 53 unique products and 68 unique software versions.
In 24 of the 35 smart TVs and all 5 e-readers submitted for the study, the embedded browsers were at least three years behind current versions available to users of desktop computers. And the situation is similar even for newly released products.
"Our study shows that integrated browsers are updated far less frequently than their standalone counterparts," the authors state in their paper. "Alarmingly, many products already embed outdated browsers at the time of release; in fact, eight products in our sample included a browser that was over three years obsolete when it hit the market."
According to KU Leuven, the study revealed that some device makers don't provide security updates for the browser, even though they advertise free updates.
Read more of this story at SoylentNews.