Infotainment System Matters: Understanding the Impact and Implications of In-Vehicle Infotainment System Hacking with Automotive Grade Linux

Seonghoon Jeong, Minsoo Ryu, Hyunjae Kang, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

An in-vehicle infotainment (IVI) system is connected to heterogeneous networks such as Controller Area Network bus, Bluetooth, Wi-Fi, cellular, and other vehicle-to-everything communications. An IVI system has control of a connected vehicle and deals with privacy-sensitive information like current geolocation and destination, phonebook, SMS, and driver's voice. Several offensive studies have been conducted on IVI systems of commercialized vehicles to show the feasibility of car hacking. However, to date, there has been no comprehensive analysis of the impact and implications of IVI system exploitations. To understand security and privacy concerns, we provide our experience hosting an IVI system hacking competition, Cyber Security Challenge 2021 (CSC2021). We use a feature-flavored infotainment operating system, Automotive Grade Linux (AGL). The participants gathered and submitted 33 reproducible and verified proofs-of-concept exploit codes targeting 11 components of the AGL-based IVI testbed. The participants exploited four vulnerabilities to steal various data, manipulate the IVI system, and cause a denial of service. The data leakage includes privacy, personally identifiable information, and cabin voice. The participants proved lateral movement to electronic control units and smartphones. We conclude with lessons learned with three mitigation strategies to enhance the security of the IVI system.

Original languageEnglish
Title of host publicationCODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages201-212
Number of pages12
ISBN (Electronic)9798400700675
DOIs
Publication statusPublished - 2023 Apr 24
Event13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023 - Charlotte, United States
Duration: 2023 Apr 242023 Apr 26

Publication series

NameCODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy

Conference

Conference13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023
Country/TerritoryUnited States
CityCharlotte
Period23/4/2423/4/26

Bibliographical note

Publisher Copyright:
© 2023 ACM.

Keywords

  • automotive grade linux
  • car hacking
  • cybersecurity competition
  • exploit
  • privacy leakage
  • vulnerability

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Information Systems
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Infotainment System Matters: Understanding the Impact and Implications of In-Vehicle Infotainment System Hacking with Automotive Grade Linux'. Together they form a unique fingerprint.

Cite this