A Practical Attack on In-Vehicle Network Using Repacked Android Applications
 Title & Authors
Lee, Jung Ho; Woo, Samuel; Lee, Se Young; Lee, Dong Hoon;
 Abstract
As vehicles have come to contain many different communication devices, collecting external information has become possible in an IoT environment. In such an environment, a vehicle can be controlled remotely once vehicle information is obtained by looking into the in-vehicle network through a smart device. However, Android-based smart device applications are vulnerable to malicious modification and redistribution. A modified Android application can lead to disclosure of vehicle information, which could bring about a vehicle control accident and thus poses a threat to drivers. Furthermore, since vehicles today do not contain security methods to protect themselves, they are very vulnerable to security threats that can cause serious damage to users and property. In this paper, many different vehicle management Android applications sold on Google Play are analyzed. With this information, possible threats to vehicle management applications are analyzed, and an experiment is carried out on an actual vehicle to prove the risks. The paper also suggests an access control method to protect the vehicle against malicious actions that could arrive through an external network in an IoT environment.
 Keywords
In-Vehicle Network; Controller Area Network; Android Application Repackaging
 Language
Korean