Security Analysis of Android Automotive 2020-01-1295
In-vehicle infotainment (IVI) platforms are becoming increasingly connected. Besides OEM apps and services, the next generation of IVI platforms is expected to offer third-party application integration. Under this business model, vehicular sensor and event data can be collected and shared with selected third-party apps. To this end, Google is pushing towards standardization among proprietary IVI operating systems with its Android Automotive platform, which runs natively on the vehicle’s IVI platform. Unlike Android Auto, whose functionality is limited to display-mirroring certain smartphone apps to the IVI screen, Android Automotive will have access to the in-vehicle network (IVN) and be able to read various sensor data from the car and share it with third-party apps. This increased connectivity opens new business opportunities for both the car manufacturer and third-party entities, but also introduces a new attack surface on the vehicle. Therefore, Android Automotive must have a secure system architecture to prevent any potential attacks that might compromise the security and privacy of the vehicle and the driver. In particular, malicious third-party entities could possibly remotely compromise a vehicle's functionalities and impact vehicle safety, causing financial and operational damage to the vehicle, as well as compromise the driver’s privacy.
This paper presents the Android Automotive system architecture and provides guidelines for conducting a high-level security analysis. We describe what countermeasures Google has already taken to prevent potential proof-of-concept attacks, and discuss what still needs to be done in order to offer a secure and privacy-preserving Android experience for next-generation IVI platforms.
Mert Pese, Kang Shin, Josiah Bruner, Amy Chu
University of Michigan, Georgia Institute of Technology, Harman International