Vulnerabilities of Android OS-Based Telematics System
Intelligent vehicle technologies have developed rapidly. Modern vehicles include many Electronic Control Units (ECUs) and in-vehicle networks. While these technologies offer accurate vehicle control and increase the convenience and safety of drivers, their vulnerabilities have also been analyzed and exploited. Nevertheless, open platforms, such as the Android OS, have been introduced into vehicle systems without careful consideration of security issues. In this paper, we point out the security problems of an Android OS-based telematics system. Our target device's firmware is offered on a public Web site and is easily analyzed using public analysis tools. This means that our analysis methods are more scalable and practical than previous methods for remote attacks, which require difficult analysis skills such as signal processing and reverse engineering. We also found that the device accepts malicious firmware updates because of a problem related to the misuse of certificates. Furthermore, we conducted attack experiments using a real vehicle.
Keywords: Telematics communication, Controller Area Network, Android, Smart vehicle, Open platform