Search Results

Android applications have historically faced vulnerabilities to man-in-the-middle attacks due to insecure custom SSL/TLS certificate validation implementations. In response, Google introduced the Network Security Configuration (NSC) as a configuration-based solution to improve the security of certificate validation practices. NSC was initially developed to enhance the security of Android applications by providing developers with a framework to customize network security settings. However, recent studies have shown that it is often not being leveraged appropriately to enhance security. Motivated by the surge in vehicular connectivity and the corresponding impact on user security and data privacy, our research pivots to the domain of mobile applications for vehicles. As vehicles increasingly become repositories of personal data and integral nodes in the Internet of Things (IoT) ecosystem, ensuring their security moves beyond traditional issues to one of public safety and trust.

The rapid development of connected and automated vehicle technologies together with cloud-based mobility services are revolutionizing the transportation industry. As a result, huge amounts of data are being generated, collected, and utilized, hence providing tremendous business opportunities. However, this big data poses serious challenges mainly in terms of data privacy. The risks of privacy leakage are amplified by the information sharing nature of emerging mobility services and the recent advances in data analytics. In this paper, we provide an overview of the connected vehicle landscape and point out potential privacy threats. We demonstrate two of the risks, namely additional individual information inference and user de-anonymization, through concrete attack designs. We also propose corresponding countermeasures to defend against such privacy attacks. We evaluate the feasibility of such attacks and our defense strategies using real world vehicular data.