Static analysis of Android Auto infotainment and on‐board diagnostics II apps. (20th May 2019)
- Record Type:
- Journal Article
- Title:
- Static analysis of Android Auto infotainment and on‐board diagnostics II apps. (20th May 2019)
- Main Title:
- Static analysis of Android Auto infotainment and on‐board diagnostics II apps
- Authors:
- Mandal, Amit Kr
Panarotto, Federica
Cortesi, Agostino
Ferrara, Pietro
Spoto, Fausto
- Abstract:
- Summary: Smartphone and automotive technologies are rapidly converging, letting drivers enjoy communication and infotainment facilities and monitor in‐vehicle functionalities, via on‐board diagnostics (OBD) technology. Among the various automotive apps available in playstores, Android Auto infotainment and OBD‐II apps are widely used and are the most popular choice for smartphone‐to‐car interaction. Automotive apps have the potential of turning cars into smartphones on wheels but can also be the gateway of attacks. This paper defines a static analysis that identifies potential security risks in Android infotainment and OBD‐II apps. It identifies a set of potential security threats and presents an actual static analyzer for such apps. It has been applied to most of the highly rated infotainment apps available in the Google Play store, as well as on the available open‐source OBD‐II apps, against a set of possible exposure scenarios. Results show that almost 60% of such apps are potentially vulnerable and that 25% pose security threats related to the execution of JavaScript. The analysis of the OBD‐II apps shows possibilities of severe controller area network injections and privacy violations, because of leaks of sensitive information.
- Is Part Of:
- Software, practice & experience. Volume 49:Number 7(2019)
- Journal:
- Software, practice & experience
- Issue:
- Volume 49:Number 7(2019)
- Issue Display:
- Volume 49, Issue 7 (2019)
- Year:
- 2019
- Volume:
- 49
- Issue:
- 7
- Issue Sort Value:
- 2019-0049-0007-0000
- Page Start:
- 1131
- Page End:
- 1161
- Publication Date:
- 2019-05-20
- Subjects:
- abstract interpretation -- Android auto security -- in‐vehicle infotainment system -- OBD‐II app security -- static analysis
Computer software -- Periodicals
Computer programming -- Periodicals
Computer programs -- Periodicals
005.3
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/spe.2698
- Languages:
- English
- ISSNs:
- 0038-0644
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 8321.453000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 10862.xml