Please note: This PhD seminar will take place online.
Parjanya Vyas, PhD candidate
David R. Cheriton School of Computer Science
Supervisors: Professors N, Asokan, Yousra Aafer
The Android Automotive Operating System (AAOS) is a specialized version of the Android OS designed for in-vehicle infotainment and system control. Prominent automakers such as Honda, General Motors (GM), Volvo, and Ford have already adopted it in their latest vehicles. Despite its popularity, the security of AAOS integration has hardly been evaluated, particularly at the framework layer, where auto feature and access control anomalies are likely to arise.
To bridge the gap, we perform the first security evaluation of automotive entry points in AAOS. Our study is enabled by AutoAcRaptor, an automated pipeline that leverages static analysis to identify automotive entry points, generate their access control and auto feature specifications, and analyze them for potential security risks. Our evaluation of AutoAcRaptor on two AOSP and eight automaker AAOS images demonstrates that it is able to identify 23 auto feature and access control anomalies, on average per ROM. We report ten cases to the corresponding automakers. At the time of writing, five have been acknowledged while the rest are pending verification.