On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform

Benjamin Eriksson, Jonas Groth, Andrei Sabelfeld

2019

Abstract

Digitalization has revolutionized the automotive industry. Modern cars are equipped with powerful Internet-connected infotainment systems, comparable to tablets and smartphones. Recently, several car manufacturers have announced the upcoming possibility to install third-party apps onto these infotainment systems. The prospect of running third-party code on a device that is integrated into a safety critical in-vehicle system raises serious concerns for safety, security, and user privacy. This paper investigates these concerns of in-vehicle apps. We focus on apps for the Android Automotive operating system which several car manufacturers have opted to use. While the architecture inherits much from regular Android, we scrutinize the adequateness of its security mechanisms with respect to the in-vehicle setting, particularly affecting road safety and user privacy. We investigate the attack surface and vulnerabilities for third-party in-vehicle apps. We analyze and suggest enhancements to such traditional Android mechanisms as app permissions and API control. Further, we investigate operating system support and how static and dynamic analysis can aid automatic vetting of in-vehicle apps. We develop AutoTame, a tool for vehicle-specific code analysis. We report on a case study of the countermeasures with a Spotify app using emulators and physical test beds from Volvo Cars.

Download


Paper Citation


in Harvard Style

Eriksson B., Groth J. and Sabelfeld A. (2019). On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform.In Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS, ISBN 978-989-758-374-2, pages 64-75. DOI: 10.5220/0007678200640075


in Bibtex Style

@conference{vehits19,
author={Benjamin Eriksson and Jonas Groth and Andrei Sabelfeld},
title={On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform},
booktitle={Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS,},
year={2019},
pages={64-75},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007678200640075},
isbn={978-989-758-374-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS,
TI - On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform
SN - 978-989-758-374-2
AU - Eriksson B.
AU - Groth J.
AU - Sabelfeld A.
PY - 2019
SP - 64
EP - 75
DO - 10.5220/0007678200640075