Federica Panarotto scite author profile

Federica Panarotto

4Publications

20Citation Statements Received

59Citation Statements Given

How they've been cited

How they cite others

Affiliations

University of Verona

Publications

Order By: Most citations

Static analysis of Android Auto infotainment and on‐board diagnostics II apps

et al. 2019

View full text Add to dashboard Cite

Summary Smartphone and automotive technologies are rapidly converging, letting drivers enjoy communication and infotainment facilities and monitor in‐vehicle functionalities, via on‐board diagnostics (OBD) technology. Among the various automotive apps available in playstores, Android Auto infotainment and OBD‐II apps are widely used and are the most popular choice for smartphone to car interaction. Automotive apps have the potential of turning cars into smartphones on wheels but can be also the gateway of attacks. This paper defines a static analysis that identifies potential security risks in Android infotainment and OBD‐II apps. It identifies a set of potential security threats and presents an actual static analyzer for such apps. It has been applied to most of the highly rated infotainment apps available in the Google Play store, as well as on the available open‐source OBD‐II apps, against a set of possible exposure scenarios. Results show that almost 60% of such apps are potentially vulnerable and that 25% pose security threats related to the execution of JavaScript. The analysis of the OBD‐II apps shows possibilities of severe controller area network injections and privacy violations, because of leaks of sensitive information.

show abstract

Vulnerability analysis of Android auto infotainment apps

Mandal

Cortesi

Ferrara³

et al. 2018

View full text Add to dashboard Cite

With over 2 billion active mobile users and a large array of features, Android is the most popular operating system for mobile devices. Android Auto allows such devices to connect with an in-car compatible infotainment system, and it became a popular choice as well. However, as the trend for connecting car dashboard to the Internet or other devices grows, so does the potential for security threats. In this paper, a set of potential security threats are identified, and a static analyzer for the Android Auto infotainment system is presented. All the infotainment apps available in Google Play Store have been checked against that list of possible exposure scenarios. Results show that almost 80% of the apps are potentially vulnerable, out of which 25% poses security threats related to execution of JavaScript. CCS CONCEPTS• Security and privacy → Abstract Interpretation; Static Analysis;

show abstract

Static Analysis of Android Apps Interaction with Automotive CAN

Panarotto

Cortesi

Ferrara³

et al. 2018

View full text Add to dashboard Cite

Modern car infotainment systems allow users to connect an Android device to the vehicle. The device can then interact with all hardware components of the car. This can for instance provide new interaction mechanisms to the driver. However, this can also be misused, becoming a major security breach into the car, with subsequent security concerns: the Android device can both read sensitive data (speed, model, airbag status) and send dangerous commands (brake, lock, airbag explosion). Moreover, this scenario is unsettling since Android devices are usually connected to the cloud, opening the door to remote attacks from malicious users or the cyberspace. The OpenXC platform is an open source API that allows Android application to interact with the car's hardware. In this article, we study this library and show how it can be used to create injection attacks. Moreover, we introduce a novel static analysis that identifies such attacks before they occur in real life. This analysis has been implemented in the Julia static analyzer and finds injection vulnerabilities in actual apps published in the Google Play marketplace.

show abstract

A Calculus of Anyons

Pierro

Panarotto

2014

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.