Vulnerability analysis of Android auto infotainment apps

With over 2 billion active mobile users and a large array of features, Android is the most popular operating system for mobile devices. Android Auto allows such devices to connect to a compatible in-car infotainment system, and it has become a popular choice as well. However, as the trend of connecting car dashboards to the Internet or to other devices grows, so does the potential for security threats. In this paper, a set of potential security threats is identified, and a static analyzer for the Android Auto infotainment system is presented. All the infotainment apps available in the Google Play Store have been checked against that list of possible exposure scenarios. Results show that almost 80% of the apps are potentially vulnerable, out of which 25% pose security threats related to the execution of JavaScript.
