CANDY: A Social Engineering Attack to Leak Information from Infotainment System

The introduction of Information and Communications Technologies (ICT) systems into vehicles makes them more prone to cyber-security attacks that may impact the vehicles' capabilities and, consequently, the safety of drivers and passengers. In this paper, we focus on how to exploit security vulnerabilities affecting user-to-vehicle and intra-vehicle communications to hack the infotainment system and retrieve information about both vehicle and driver. Indeed, we designed and developed CANDY, a set of malicious apps injected into a genuine Android app, acting as a Trojan horse on the Android in-vehicle infotainment system. It opens a back door that allows an attacker to remotely access the infotainment system. We use this back door to compromise the privacy of the driver by recording her voice and to collect information about the vehicle circulating on the CAN bus. CANDY is distributed using social engineering techniques.

2018 IEEE 87th Vehicular Technology Conference (VTC Spring), Porto, Portugal, 2018

IIT authors:

Antonio La Marra

Type: Conference proceedings contribution
Field of reference: Computer Science & Engineering

File: 08417879.pdf

Activity: Architectures, protocols and security mechanisms for distributed systems and services