On the road with third-party apps: Security analysis of an in-vehicle app platform
Paper in proceedings, 2019

Digitalization has revolutionized the automotive industry. Modern cars are equipped with powerful Internet-connected infotainment systems, comparable to tablets and smartphones. Recently, several car manufacturers have announced the upcoming possibility to install third-party apps onto these infotainment systems. The prospect of running third-party code on a device that is integrated into a safety-critical in-vehicle system raises serious concerns for safety, security, and user privacy. This paper investigates these concerns of in-vehicle apps. We focus on apps for the Android Automotive operating system which several car manufacturers have opted to use. While the architecture inherits much from regular Android, we scrutinize the adequateness of its security mechanisms with respect to the in-vehicle setting, particularly affecting road safety and user privacy. We investigate the attack surface and vulnerabilities for third-party in-vehicle apps. We analyze and suggest enhancements to such traditional Android mechanisms as app permissions and API control. Further, we investigate operating system support and how static and dynamic analysis can aid automatic vetting of in-vehicle apps. We develop AutoTame, a tool for vehicle-specific code analysis. We report on a case study of the countermeasures with a Spotify app using emulators and physical test beds from Volvo Cars.

Infotainment

API Security

In-vehicle App Security

Android Automotive

Information Flow Control

Program Analysis for Security

Authors

Benjamin Eriksson

Chalmers, Computer Science and Engineering, Information Security

Jonas Groth

Andrei Sabelfeld

Chalmers, Computer Science and Engineering, Information Security

VEHITS 2019 - Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems

64-75

5th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS 2019
Heraklion, Crete, Greece

Subject Categories

Other Engineering and Technologies not elsewhere specified

Embedded Systems

Computer Systems

DOI

10.5220/0007678200640075

More information

Last updated

2020-10-30