All is relatively well here at Woesnotgone
Meadow, where everyone has above average bandwidth.
In the Meadow, our residents all have one of the many variants of the cell phone. We naturally have the iPhone and Android, and Margie has an old-school flip phone. Our residents use these for navigation, calling family, listening to music, and a variety of other purposes. These devices have become a rather important tool in daily life. As they have grown in use and prominence, this has produced a negative by-product. The phone, especially the Android platform, has become a target for attackers. While unfortunate, this is our situation.
Across the globe, there are 5B cell phone users (aka targets). With this vast number of users to attack, it’s no wonder these devices are attacked and successfully compromised with regularity. One app available on the Android system is Android Auto. The user plugs their phone into the USB port in the vehicle, and the head unit (or screen in the dash) begins to function as an extension of the phone. The app interacts with the vehicle as a tenant, not as the host, meaning the vehicle is still in charge of the head unit’s operations, and the app is working within it. The app connects to the head unit in the dash and allows the user access to the phone’s functions.
This is great for the user, as they can use the phone while in the vehicle. If the phone were to have malware or another issue, then because it connects to the vehicle, it could affect the vehicle’s operations, if the malware were coded for the vehicle’s systems. Although this is still a proof of concept (PoC), since there has not been an active attack, there is still the future opportunity for a thorough compromise. Now is the time to address any potential vulnerabilities, while it is still less costly to fix, versus being in the Sunday paper explaining why a compromise occurred and paying for immediate remediation.
Thanks for visiting Woesnotgone Meadow, where
the encryption is strong, and the O/Ss are always using the latest version.
Resources
Mandal, A.K., Cortesi, A., Ferrara, P., Panarotto, F., & Spoto, F. (2018). Vulnerability analysis of Android Auto infotainment apps. In Proceedings of the 15th ACM International Conference on Computing Frontiers, 183-190. doi:10.1145/3203217.3203278