Ethical Hacking of Android Auto in the Context of Road Safety

Sammanfattning: With a more than ever increasing demand to interconnect smartphones with infotainment systems, Android Auto has risen in popularity with its services used in modern vehicles worldwide. However, as users progressively connect their smartphones to in-vehicle infotainment systems, the opportunity for malicious actors to endanger and access private data of Android Auto users advances as well. The goal with this thesis is to determine how secure Android Auto is for road use. The main research question is to figure out if Android Auto is susceptible to attacks that exploit certain vulnerabilities in the Android operating system. The research question was answered by creating several proof-of-concept attacks on Android Auto using an emulated infotainment system with mobile devices. An investigation was also conducted regarding the application’s communication channel between the mobile device and infotainment display. Results of this thesis demonstrate that several attacks are substantially severe to endanger drivers on the road. There is a great risk of successful exploits when running Android Auto locally on the phone without a connection to the infotainment system, and a lesser risk when connected to the infotainment system. Intercepting communication in the USB channel revealed an encryption algorithm whose version has published exploits and can be cracked to potentially exploit Android Auto.