2021
DOI: 10.3390/fi13030058
|View full text |Cite
|
Sign up to set email alerts
|

A Multi-Tier Security Analysis of Official Car Management Apps for Android

Abstract: Using automotive smartphone applications (apps) provided by car manufacturers may offer numerous advantages to the vehicle owner, including improved safety, fuel efficiency, anytime monitoring of vehicle data, and timely over-the-air delivery of software updates. On the other hand, the continuous tracking of the vehicle data by such apps may also pose a risk to the car owner, if, say, sensitive pieces of information are leaked to third parties or the app is vulnerable to attacks. This work contributes the firs… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
7
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
5
4

Relationship

3
6

Authors

Journals

citations
Cited by 11 publications
(7 citation statements)
references
References 21 publications
0
7
0
Order By: Relevance
“…Note that for the sake of the reproducibility of the results, we employed the free-to-use "community" edition of the tool. To our knowledge, the same tool has been exploited in the context of similar researches [59][60][61].…”
Section: Plos Onementioning
confidence: 99%
“…Note that for the sake of the reproducibility of the results, we employed the free-to-use "community" edition of the tool. To our knowledge, the same tool has been exploited in the context of similar researches [59][60][61].…”
Section: Plos Onementioning
confidence: 99%
“…Some of these applications are provided by EV manufacturers and large companies, but many are thirdparty applications which are built and distributed by independent developers [109]. Poorly developed applications contain security flaws, backdoors, and privacy loopholes [110]. In 2016, the Nissan connect app was hacked to gain control of the EV functions including the vehicle sensors, air conditioning, and heating [111].…”
Section: Mobile Application Attacksmentioning
confidence: 99%
“…For ensuring the reproducibility of the results, we used the free-to-use "community" edition of the tool. It is to be noted that Ostorlab has been utilized in the context of analogous vulnerability analysis researches, including the ones in [7,8,13,14].…”
Section: Low-level Static Analysismentioning
confidence: 99%
“…For both the analysis phases, when searching for weaknesses and vulnerabilities, we followed the methodology set out in the OWASP mobile security testing guide [3]. Actually, more or less the same methodology have been followed by [4] regarding static analysis, [5,6] regarding dynamic analysis, and [7,8] for both types of analysis.…”
mentioning
confidence: 99%