A security analysis of an in vehicle infotainment and app platform

Sahar Mazloom, Mohammad Rezaeirad, Aaron Hunter, Damon McCoy

    Research output: Contribution to conference › Paper

    Abstract

    There is an increasing trend in the automotive industry towards integrating trusted third-party apps with In-Vehicle-Infotainment systems (IVI) via smartphones. This integration is typically facilitated by a pair of apps, one that executes on the smartphone and another that executes on the IVI, which is connected to the vehicle’s Controller Area Network (CAN) bus. Throughout the evolution of these IVI and app platforms, there has been little public analysis of the security of these protocols and the frameworks that implement these apps on the IVI. This raises the question: to what extent are these apps, protocols and underlying IVI implementations vulnerable to an attacker who might gain control of a driver’s smartphone? In this paper, we focus on gaining insights into this question by performing a comprehensive security analysis on an IVI system that is included in at least one 2015 model vehicle from a major automotive manufacturer. This IVI system included vestigial support for the MirrorLink protocol, which is intentionally disabled but can be enabled by updating a single configuration value after applying a publicly available firmware update that is securely signed by the manufacturer. Based on our analysis, we document and demonstrate insecurities in the MirrorLink protocol and IVI implementation that could potentially enable an attacker with control of a driver’s smartphone to send malicious messages on the vehicle’s internal network.

    Original language: English (US)
    State: Published - 2016
    Event: 10th USENIX Workshop on Offensive Technologies, WOOT 2016 - Austin, United States
    Duration: Aug 8 2016 to Aug 9 2016

    Conference

    Conference: 10th USENIX Workshop on Offensive Technologies, WOOT 2016
    Country: United States
    City: Austin
    Period: 8/8/16 to 8/9/16

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture
    • Information Systems
    • Software


    Mazloom, S., Rezaeirad, M., Hunter, A., & McCoy, D. (2016). A security analysis of an in vehicle infotainment and app platform. Paper presented at 10th USENIX Workshop on Offensive Technologies, WOOT 2016, Austin, United States.