An Approach for the Identification of Information Leakage in Automotive Infotainment systems

by   Abdul Moiz, et al.

The advancements in the digitization world has revolutionized the automotive industry. Today's modern cars are equipped with internet, computers that can provide autonomous driving functionalities as well as infotainment systems that can run mobile operating systems, like Android Auto and Apple CarPlay. Android Automotive is Google's android operating system tailored to run natively on vehicle's infotainment systems, it allows third party apps to be installed and run on vehicle's infotainment systems. Such apps may raise security concerns related to user's safety, security and privacy. This paper investigates security concerns of in-vehicle apps, specifically, those related to inter component communication (ICC) among these apps. ICC allows apps to share information via inter or intra apps components through a messaging object called intent. In case of insecure communication, Intent can be hijacked or spoofed by malicious apps and user's sensitive information can be leaked to hacker's database. We investigate the attack surface and vulnerabilities in these apps and provide a static analysis approach and a tool to find data leakage vulnerabilities. The approach can also provide hints to mitigate these leaks. We evaluate our approach by analyzing a set of Android Auto apps downloaded from Google Play store, and we report our validated results on vulnerabilities identified on those apps.


page 1

page 3


Security Code Smells in Android ICC

Android Inter-Component Communication (ICC) is complex, largely unconstr...

Our fingerprints don't fade from the Apps we touch: Fingerprinting the Android WebView

Numerous studies demonstrated that browser fingerprinting is detrimental...

Security Smells in Android

The ubiquity of smartphones, and their very broad capabilities and usage...

Demystifying security and compatibility issues in Android Apps

Never before has any OS been so popular as Android. Existing mobile phon...

On the (Un)Reliability of Privacy Policies in Android Apps

Access to privacy-sensitive information on Android is a growing concern ...

Detecting Data Leakage from Databases on Android Apps with Concept Drift

Mobile databases are the statutory backbones of many applications on sma...

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews

A Webview embeds a full-fledged browser in a mobile application and allo...

Please sign up or login with your details

Forgot password? Click here to reset