All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, our residents all have one of the many variants of the cell phone. We naturally have the iPhone and Android, and Margie has an old-school flip phone. Our residents use these for navigation, calling family, listening to music, and a variety of other purposes. Beyond being useful, they have become a rather important tool in daily life. As they have grown in use and prominence, this has produced a negative byproduct. The phone, especially the Android platform, has become a target for attackers. While unfortunate, this is our situation.
Across the globe, there are 5B cell phone users (aka targets). With this vast number of users to attack, it’s no wonder these devices are attacked and successfully compromised with regularity. One app available on the Android system is Android Auto. The user plugs their phone into the USB port in the vehicle, and the head unit (or screen in the dash) begins to function as an extension of the phone. The app interacts with the vehicle as a tenant, not as the host, meaning the vehicle is still in charge of the head unit’s operations, and the app is working within it. The app connects to the head unit in the dash and allows the user access to the phone’s functions.
This is great for the user, as they can use the phone while in the vehicle. If the phone were to have malware or another issue, then because the phone connects to the vehicle, it could affect the vehicle's operations, if the malware were coded for the vehicle’s systems. Although this is still a proof of concept (PoC), since there has not been an active attack, there is still the future opportunity for a thorough compromise. Now is the time to address any potential vulnerabilities, while it is still less costly to fix, versus being in the Sunday paper explaining why a compromise occurred, and paying for immediate remediation.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
Mandal, A.K., Cortesi, A., Ferrara, P., Panarotto, F., & Spoto, F. (2018). Vulnerability analysis of android auto infotainment apps. In Proceedings of the 15th ACM International Conference on Computing Frontier, 183-190. doi:10.1145/3203217.3203278
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.