Vulnerabilities of Android OS-Based Telematics System

Hyo Jin Jo, Wonsuk Choi, Seoung Yeop Na, Samuel Woo, Dong Hoon Lee

Research output: Contribution to journalArticle

9 Citations (Scopus)

Abstract

Intelligent vehicle technologies have been developed rapidly. Modern vehicles include many Electronic Control Units (ECUs) and in-vehicle networks. While these technologies offer accurate vehicle control and increase the convenience and safety of drivers, their vulnerabilities also have been analyzed and exploited. Nevertheless, open platforms, such as the Android OS, have been introduced into vehicle systems without careful consideration about security issues. In this paper, we indicate the security problems of an Android OS-based telematics system. Our target device’s firmware is offered on a public Web site and is easily analyzed using public analysis tools. This means that our analysis methods are more scalable and practical than previous ones for remote attacks that require difficult analysis skills, such as signal processing and reverse engineering. We also found that the device allows malicious firmware to be updated because of a problem related to misuse of certificates. Furthermore, we conducted attack experiments using a real vehicle.

Original languageEnglish
Pages (from-to)1-20
Number of pages20
JournalWireless Personal Communications
DOIs
Publication statusAccepted/In press - 2016 Aug 26

Fingerprint

Firmware
Intelligent vehicle highway systems
Reverse engineering
Websites
Signal processing
Experiments

Keywords

  • Android
  • Controller Area Network
  • Open platform
  • Smart vehicle
  • Telematics communication

ASJC Scopus subject areas

  • Computer Science Applications
  • Electrical and Electronic Engineering

Cite this

Vulnerabilities of Android OS-Based Telematics System. / Jo, Hyo Jin; Choi, Wonsuk; Na, Seoung Yeop; Woo, Samuel; Lee, Dong Hoon.

In: Wireless Personal Communications, 26.08.2016, p. 1-20.

Research output: Contribution to journalArticle

Jo, Hyo Jin ; Choi, Wonsuk ; Na, Seoung Yeop ; Woo, Samuel ; Lee, Dong Hoon. / Vulnerabilities of Android OS-Based Telematics System. In: Wireless Personal Communications. 2016 ; pp. 1-20.
@article{1e7cb3c8fbac4d0a90eb77aed32780c4,
title = "Vulnerabilities of Android OS-Based Telematics System",
abstract = "Intelligent vehicle technologies have been developed rapidly. Modern vehicles include many Electronic Control Units (ECUs) and in-vehicle networks. While these technologies offer accurate vehicle control and increase the convenience and safety of drivers, their vulnerabilities also have been analyzed and exploited. Nevertheless, open platforms, such as the Android OS, have been introduced into vehicle systems without careful consideration about security issues. In this paper, we indicate the security problems of an Android OS-based telematics system. Our target device’s firmware is offered on a public Web site and is easily analyzed using public analysis tools. This means that our analysis methods are more scalable and practical than previous ones for remote attacks that require difficult analysis skills, such as signal processing and reverse engineering. We also found that the device allows malicious firmware to be updated because of a problem related to misuse of certificates. Furthermore, we conducted attack experiments using a real vehicle.",
keywords = "Android, Controller Area Network, Open platform, Smart vehicle, Telematics communication",
author = "Jo, {Hyo Jin} and Wonsuk Choi and Na, {Seoung Yeop} and Samuel Woo and Lee, {Dong Hoon}",
year = "2016",
month = "8",
day = "26",
doi = "10.1007/s11277-016-3618-9",
language = "English",
pages = "1--20",
journal = "Wireless Personal Communications",
issn = "0929-6212",
publisher = "Springer Netherlands",

}

TY - JOUR

T1 - Vulnerabilities of Android OS-Based Telematics System

AU - Jo, Hyo Jin

AU - Choi, Wonsuk

AU - Na, Seoung Yeop

AU - Woo, Samuel

AU - Lee, Dong Hoon

PY - 2016/8/26

Y1 - 2016/8/26

N2 - Intelligent vehicle technologies have been developed rapidly. Modern vehicles include many Electronic Control Units (ECUs) and in-vehicle networks. While these technologies offer accurate vehicle control and increase the convenience and safety of drivers, their vulnerabilities also have been analyzed and exploited. Nevertheless, open platforms, such as the Android OS, have been introduced into vehicle systems without careful consideration about security issues. In this paper, we indicate the security problems of an Android OS-based telematics system. Our target device’s firmware is offered on a public Web site and is easily analyzed using public analysis tools. This means that our analysis methods are more scalable and practical than previous ones for remote attacks that require difficult analysis skills, such as signal processing and reverse engineering. We also found that the device allows malicious firmware to be updated because of a problem related to misuse of certificates. Furthermore, we conducted attack experiments using a real vehicle.

AB - Intelligent vehicle technologies have been developed rapidly. Modern vehicles include many Electronic Control Units (ECUs) and in-vehicle networks. While these technologies offer accurate vehicle control and increase the convenience and safety of drivers, their vulnerabilities also have been analyzed and exploited. Nevertheless, open platforms, such as the Android OS, have been introduced into vehicle systems without careful consideration about security issues. In this paper, we indicate the security problems of an Android OS-based telematics system. Our target device’s firmware is offered on a public Web site and is easily analyzed using public analysis tools. This means that our analysis methods are more scalable and practical than previous ones for remote attacks that require difficult analysis skills, such as signal processing and reverse engineering. We also found that the device allows malicious firmware to be updated because of a problem related to misuse of certificates. Furthermore, we conducted attack experiments using a real vehicle.

KW - Android

KW - Controller Area Network

KW - Open platform

KW - Smart vehicle

KW - Telematics communication

UR - http://www.scopus.com/inward/record.url?scp=84983749082&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84983749082&partnerID=8YFLogxK

U2 - 10.1007/s11277-016-3618-9

DO - 10.1007/s11277-016-3618-9

M3 - Article

AN - SCOPUS:84983749082

SP - 1

EP - 20

JO - Wireless Personal Communications

JF - Wireless Personal Communications

SN - 0929-6212

ER -