Is Microsoft a Threat to National Security? Policy, Products, Penetrations, and Honeypots

Watkins, Trevor U.

11 June 2009

No description available.

Computer Science

Information Systems

Systems Design

Honeypots

penetration testing

national security

network security

Microsoft threat to national security

hackers

Microsoft Windows

Evaluating APS Ecosystem Security : Novel IoT Enabled Medical Platform for Diabetes Patients

Ceylan, Batuhan

January 2020

Computing technology has been getting more reliable and cheaper every year for the past several decades. Consequently, IoT devices have now become a part of medical technology. One example of this is a new open-source technology that has emerged for type-1 diabetes patients, which regulates the patients’ blood glucose levels. One component of this open-source system is AndroidAPS, a mobile application that manages and controls the system by communicating with the two other components: a blood glucose sensor and an insulin pump. Another component is Nightscout, a web application for monitoring T1D patients. Together they form the APS ecosystem that automatically i) reads blood glucose values, ii) syncs the data with Nightscout, iii) stores patient information into Nightscout database, iv) calculates optimal treatment plan, and v) regulates pump for the ideal insulin intake. The whole system bears several critical assets to guarantee patient health. In this thesis, the security of a representative APS ecosystem is studied. We found 5 critical vulnerabilities in the ecosystem: 1) an XSS vulnerability in the web application due to ineffective input sanitization which lead to stealing administrator password from browser cache, 2) highly sensitive patient data is open to public by default, 3) the web application login mechanism, where all system data is managed, is weak against password guessing attacks together with 4) insecure GET requests used for authentication, and lastly 5) any type of database hijack does not trigger any alarms for Nightscout. Successful attacks result in malicious values synchronized from Nightscout to tamper correct insulin delivery calculations. Possible attack scenarios, devised from existing vulnerabilities in this work, show how an attacker can physically harm their victims through their internet-connected insulin pump. / Datorteknik har blivit mer pålitlig och billigare varje år under de senaste decennierna. Följaktligen har IoT-enheter nu blivit en del av medicinsk teknik. Ett exempel på detta är en ny öppen källkodsteknik som har utvecklats för typ 1- diabetespatienter, som reglerar patienternas blodsockernivåer. En komponent i detta öppen källkodssystem är AndroidAPS, en mobilapplikation som hanterar och kontrollerar systemet genom att kommunicera med de två andra komponenterna: en blodsockersensor och en insulinpump. En annan komponent är Nightscout, en webbapplikation för övervakning av T1D-patienter. Tillsammans bildar de APSekosystemet som automatiskt i) läser blodsockervärden, ii) synkroniserar data med Nightscout, iii) lagrar patientinformation i Nightscout-databasen, iv) beräknar optimal behandlingsplan och v) reglerar pumpen för perfekt insulinintag. Hela systemet har flera kritiska tillgångar för att garantera patientens hälsa. I denna avhandling studeras säkerheten för ett representativt APS-ekosystem. Vi hittade 5 kritiska sårbarheter i ekosystemet: 1) en XSS-sårbarhet i webbapplikationen på grund av ineffektiv sanering av ingångar som leder till att stjäla administratörslösenord från webbläsarens cache, 2) mycket känsliga patientdata är öppna för allmänheten som standard, 3) webben applikationsinloggningsmekanism, där all systemdata hanteras, är svag mot gissningar av lösenord tillsammans med 4) osäkra GET-förfrågningar som används för autentisering, och slutligen 5) någon typ av databaskapning utlöser inga larm för Nightscout. Framgångsrika attacker resulterar i skadliga värden som synkroniseras från Nightscout för att manipulera korrekta insulinleveransberäkningar. Möjliga attackscenarier, utformade utifrån befintliga sårbarheter i detta arbete, visar hur en angripare fysiskt kan skada sina offer genom sin internetanslutna insulinpump.

security

medical device

penetration testing

web application

IoT

säkerhet

medicinsk IoT

penetrationstest

webbapplikation

Elektroteknik och elektronik

Security Analysis of a Siemens SICAM CMIC Remote Terminal Unit

Good, Emma

January 2020

In the power industry, electrical grids are undergoing a modernization intosmart grids. The new smart grids integrate the electrical grid and informationand communication technologies, such as software, automation, and informationprocessing. While enabling remote communication with devices on thegrid, putting the grid online also introduces some major problems, such as therisk of being the target of cyber attacks.In this thesis, a security analysis of the Siemens SICAM CMIC CP-8000 remoteterminal unit, used for remote monitoring and automation of electricalgrids is done. Threat modeling was done to identify vulnerabilities in the system,followed by a penetration test of the web interface, used to configure thedevice, as well as a couple of network attacks. During the penetration test, twocross-site scripting vulnerabilities were discovered, one of which could allowan unauthorized attacker to execute Javascript code in the victim’s browser. Itwas also discovered that a user’s login credentials are leaked in the browserconsole in cleartext when logging in. / I kraftindustrin genomgår elnät en modernisering till smarta elnät. De nyasmarta elnäten integrerar elnät och informations- och kommunkationsteknologi,såsom mjukvara, automatisering, och informationsbehandling. Även omdet möjliggör fjärrkommunikation så introduceras även stora problem när elnätenblir uppkopplade, till exempel risken att bli utsatt för cyberattacker.I detta examensarbete utfördes en säkerhetsanalys av en SICAM CMIC CP-8000 fjärrterminal, tillverkad av Siemens, som används för fjärrstyrning ochautomatisering av elnät. En hotmodell för att identifiera sårbarheter i systemetgjordes, följt av penetrationstesting av hemsidan som används för att konfigureraenheten, samt några nätverksattacker. Under penetrationstestningen hittadestvå cross-site scripting-sårbarheter, där den ena kunde tillåta en oautentiseradangripare att exekvera Javascript-kod i offrets webbläsare. Det upptäcktesäven att en användares inloggningsuppgifter läcktes i webbläsarens konsol iklartext när användaren loggar in.

Elektroteknik och elektronik

A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP)

Tekle, Solomon Mekonnen

07 1900

The insider threat problem is extremely challenging to address, as it is committed by insiders who are trusted and authorized to access the information resources of the organization. The problem is further complicated by the multifaceted nature of insiders, as human beings have various motivations and fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders. Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This research presents a novel insider threat prevention and prediction model, combining several approaches, techniques and tools from the fields of computer science and criminology. The model is a Privacy- Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive), opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud Diamond similar to crimes committed within the physical landscape. The model intends to act within context, which implies that when the model offers predictions about threats, it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information about insiders for the purposes of prediction, there is a need to collect current information, as the motives and behaviours of humans are transient. Context-aware systems are used in the model to collect current information about insiders related to motive and ability as well as to determine whether insiders exploit any opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any rationalizations the insider may have via neutralization mitigation, thus preventing the insider from committing a future crime. However, the model collects private information and involves entrapment that will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this thesis argues that an insider prediction model must be privacy-preserving in order to prevent further cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from being tempted to commit a crime in future. The model involves four major components: context awareness, opportunity facilitation, neutralization mitigation and privacy preservation. The model implements a context analyser to collect information related to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan. The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs keystroke and linguistic features based on typing patterns to collect information about any change in an insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime. Research demonstrates that most of the insiders who have committed a crime have experienced a negative emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers without their consent or denial of a wage increase. However, there may also be personal problems such as a divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model also assesses the capability of insiders to commit a planned attack based on their usage of computer applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and skill as well as assessing the number of systems errors and warnings generated while using the applications. The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a motivated and capable insider will exploit any opportunity in the organization involving a criminal act. Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of nullifying the rationalizations that the insider may have had for committing the crime. All information about insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders. The model also intends to identify any new behaviour that may result during the course of implementation. This research contributes to existing scientific knowledge in the insider threat domain and can be used as a point of departure for future researchers in the area. Organizations could use the model as a framework to design and develop a comprehensive security solution for insider threat problems. The model concept can also be integrated into existing information security systems that address the insider threat problem / Information Science / D. Phil. (Information Systems)

Insider threat

Fraud diamond

Context-aware system

Information security

Privacy preservation

005.8

Computer networks -- Security measures

Computer networks -- Access control

Data protection

Penetration testing (Computer security)

Computer crimes

Hackers

Computer security

Deception strategies for web application security: application-layer approaches and a testing platform

Izagirre, Mikel

January 2017

The popularity of the internet has made the use of web applications ubiquitous and essential to the daily lives of people, businesses and governments. Web servers and web applications are commonly used to handle tasks and data that can be critical and highly valuable, making them a very attractive target for attackers and a vector for successful attacks that are aimed at the application layer. Existing misuse and anomaly-based detection and prevention techniques fail to cope with the volume and sophistication of new attacks that are continuously appearing, which suggests that there is a need to provide new additional layers of protection. This work aims to design a new layer of defense based on deception that is employed in the context of web application-layer traffic with the purpose of detecting and preventing attacks. The proposed design is composed of five deception strategies: Deceptive Comments, Deceptive Request Parameters, Deceptive Session Cookies, Deceptive Status Codes and Deceptive JavaScript. The strategies were implemented as a software artifact and their performance evaluated in a testing environment using a custom test script, the OWASP ZAP penetration testing tool and two vulnerable web applications. Deceptive Parameter strategy obtained the best security performance results, followed by Deceptive Comments and Deceptive Status Codes. Deceptive Cookies and Deceptive JavaScript got the poorest security performance results since OWASP ZAP was unable to detect and use deceptive elements generated by these strategies. Operational performance results showed that the deception artifact could successfully be implemented and integrated with existing web applications without changing their source code and adding a low operational overhead.

deception

computer deception

cyberdeception

intrusion detection

intrusion deception

security

cybersecurity

web

web applications

HTTP

penetration testing

security testing

honeypots

honeytokens

decoy

active defense

attacks

web vulnerability scanners

OWASP ZAP

BodgeIt

WAVSEP

Computer Systems

Datorsystem

Détection de vulnérabilités appliquée à la vérification de code intermédiaire de Java Card / Vulnerability detection into Java Card bytecode verifier

Savary, Aymerick

30 June 2016

La vérification de la résistance aux attaques des implémentations embarquées des vérifieurs de code intermédiaire Java Card est une tâche complexe. Les méthodes actuelles n'étant pas suffisamment efficaces, seule la génération de tests manuelle est possible. Pour automatiser ce processus, nous proposons une méthode appelée VTG (Vulnerability Test Generation, génération de tests de vulnérabilité). En se basant sur une représentation formelle des comportements fonctionnels du système sous test, un ensemble de tests d'intrusions est généré. Cette méthode s'inspire des techniques de mutation et de test à base de modèle. Dans un premier temps, le modèle est muté selon des règles que nous avons définies afin de représenter les potentielles attaques. Les tests sont ensuite extraits à partir des modèles mutants. Deux modèles Event-B ont été proposés. Le premier représente les contraintes structurelles des fichiers d'application Java Card. Le VTG permet en quelques secondes de générer des centaines de tests abstraits. Le second modèle est composé de 66 événements permettant de représenter 61 instructions Java Card. La mutation est effectuée en quelques secondes. L'extraction des tests permet de générer 223 tests en 45 min. Chaque test permet de vérifier une précondition ou une combinaison de préconditions d'une instruction. Cette méthode nous a permis de tester différents mécanismes d'implémentations de vérifieur de code intermédiaire Java Card. Bien que développée pour notre cas d'étude, la méthode proposée est générique et a été appliquée à d'autres cas d'études. / Verification of the resistance of attacks against embedded implementations of the Java Card bytecode verifiers is a complex task. Current methods are not sufficient, only the generation of manual testing is possible. To automate this process, we propose a method called VTG (Vulnerability Test Generation). Based on a formal representation of the functional behavior of the system under test, a set of intrusion test is generated. This method is based on techniques of mutation and model-based testing. Initially, the model is transferred according to rules that we have defined to represent potential attacks. The tests are then extracted from the mutant models. Two Event-B models have been proposed. The first represents the structural constraints of the Java Card application files. The VTG allows in seconds to generate hundreds of abstract tests. The second model is composed of 66 events to represent 61 Java Card instructions. The mutation is effected in a few seconds. Extraction tests to generate 223 test 45 min. Each test checks a precondition or a combination of preconditions of a statement. This method allowed us to test different implementations of mechanisms through Java Card bytecode verifier. Although developed for our case study, the proposed method is generic and has been applied to other case studies.

Sécurité

Java Card

Vérification de code intermédiaire

Test d'intrusion

Mutation de spécification

Test à base de modèle

Event-B

ProB

Security

Java Card

Bytecode Verifier

Penetration Testing

Specification Mutation

Model-Based Testing

Event-B

ProB

005.8

Tor och webbplatsorakel : Konstruktion och utvärdering av webbplatsorakel från DNS-tidtagning i Tor-nätverket. / Tor and website oracles : Creation and evaluation of website oracles from timing DNS in the Tor network.

Andersson, Oscar

January 2021

This paper discsusses the question: is website oracles in Tor from timing DNS something we have to worry about? This paper builds apon the findings done by Rasmus Dahlberg and Tobias Pulls in thier paper Website Fingerprinting with Website Oracles. A website oracle is a side channel attack that answers the predicate: has this website been visited before? The website oracle is constructed and test are carried out, with great outcome, resulting in that website oracles from timing DNS is not an attack that puts individuals using Tor at risk, but certanly challanges the idea of an anonymity network when such a lot of data can be derived from DNS. / Den här uppsatsen diskuterar frågan: är ett webbplatsorakel från DNS-tidtagning i Tor en attack att oroa sig för? Uppsatsen bygger på tidigare forskning utförd av Rasmus Dahlberg och Tobias Pulls i rapporten Website Fingerprinting with Website Oracles. Ett webbplatsorakel är en sidokanalsattack som svarar på predikatet: är denna webbsida besökt av en specifik delmängd användare? Tor är ett anonymitetsnätverk för gemene man, en viktig teknik för ett utvecklande samhälle där den enskilde individens rätt över sin egen information på internet är under konstant hot. I uppsatsen förklaras vad ett webbplatsorakel är i detalj, hur webbplatsorakel fungerar i Tor-nätverket och hur detta konstrueras i detalj. Resultat presenteras och en diskussion förs med anknytning till dagens teknik och samhälle i stort. Resultaten tyder inte på någon större risk för enskilda användare av Tor men visar på en riskfylld utveckling av perceptionen av hur Tor uppfattas och hur dess rykte kan skadas om attacker likt den presenterad i uppsatsen kan vidareutvecklas. / <p>Presentation utfördes online p.g.a. coronapandemi.</p>

Tor

The Tor Project

The Onion Router

Website Oracle

Attack

Penetration Testing

Network

Security

Side channel attack

DNS

Timing

Darknet

Dark net

Tor

Nätverksteknik

Attack

Webbplatsorakel

Sidokanalsattack

Penetrationstest

Datasäkerhet

Informationssäkerhet

DNS

The Tor Project

Darknet

Dark net

Computer Sciences

Datavetenskap (datalogi)

Soil identification by vibration measurements during soil-rock sounding / Soil identification by vibration measurements during soil-rock sounding

Ehrmanntraut, Editha

January 2022

Dynamic penetration tests are frequently used as geotechnical site investigation methods. In Sweden, the main reason to choose a dynamic penetration method is to investigatedepth to bedrock, strength and deformation properties of soil, compaction, or pilingdepth. The advantage of dynamic penetration methods is that they have a betterpenetration ability than static methods and it is therefore easier to penetrate hardmaterial or rock.The most common dynamic penetration method in Sweden is soil-rock sounding. Duringsoil-rock sounding, a metal rod is drilled into the ground and measurements are taken ofdepth, drilling resistance, sinking speed, feeding force, hammer pressure, and rotationalspeed and pressure. The method is conducted in different classes with varying accuracies.Soil-rock sounding is mainly used to determine depth to bedrock, but as the drilling rodpenetrates the whole soil layer profile, there may be opportunities to gain moreknowledge about the penetrated material using the same process.The scope of this licentiate research project was to investigate whether vibrationmeasurements on the ground surface performed simultaneously with soil-rock soundingcan yield additional information about the soil layer profile and the thin layers within amaterial. Measurements were conducted in various building and infrastructure projectsin eastern Sweden between Norrköping and Stockholm/Solna and the results wereanalyzed. It was investigated whether there is a relationship between the vibration resultsand soil properties as determined by other geotechnical investigation methods in thesame area.The results show that soil-rock sounding with simultaneous vibration measurementsconstitutes a promising extension of the conventional soil-rock sounding method whichcan provide additional information about the soil layer profiles at the investigation site.Furthermore, indications can be made about overall soil layer profiles. However, thevibration signals must be adjusted due to distance attenuation before results fromdifferent depths, boreholes and sites are comparable. The different penetrated materials and their properties are correlated to the frequencycontent of the vibration signal. In this way, more information about the penetratedmaterial can be gained from the vibration measurements. The results show thatheterogeneities in the penetrated soil layer can clearly be seen in the vibration results andpatterns in these heterogeneities identified. Furthermore, the results indicate that thevibration signals can help to distinguish silt from sand/gravelly soil and boulder from rock,and the ground water table can be seen in the frequency spectrogram for granular soils. / Dynamiska sonderingsmetoder är vanliga geotekniska undersökningsmetoder. Den främsta anledningen till att välja dynamiska sonderingsmetoder i Sverige är när djup till berggrund, hållfasthets- och deformationsegenskaper av olika jordar, packning eller påldjup ska undersökas. Fördelen med dynamiska sonderingsmetoder är den bättre genomträngningsförmågan jämfört med statiska metoder. På så sätt är det enklare att sondera genom hårt jordmaterial eller berg. Den mest vanliga dynamiska sonderingsmetoden i Sverige är jord-berg-sondering. Vid jord-berg-sondering används en borrstång för att sondera marken och parametrar som djup, borrmotstånd, sjunkningshastighet, matningskraft, hammartryck liksom rotationshastighet och -tryck registreras. Metoden genomförs i olika klasser med olika noggrannheter. Jord-berg-sondering används huvudsakligen för att bestämma djup till berggrund men med tanke på att metoden genomtränger hela jordlagerprofilen vid undersökningsplatsen finns det en stor möjlighet att erhålla mer information om det genomträngda materialet i samband med jord-berg-sondering. Målet med detta forskningsprojekt var att undersöka om man kan erhålla ytterligare information om jordlagerföljden och förekomsten av tunna lager inom ett material när vibrationsmätningar på marken genomförs samtidigt som jord-berg-sondering. Mätningar genomfördes i ett flertal byggnads- och infrastrukturprojekt mellan Norrköping och Stockholm/Solna i östra Sverige och resultaten analyserades. Korrelationen mellan resultaten av vibrationsmätningarna och jordegenskaperna som utvärderades genom andra geotekniska undersökningsmetoder vid samma försöksplats. Resultaten visar att jord-berg-sondering med parallella vibrationsmätningar utgör ett lovande tillägg till den konventionella metoden där man kan erhålla ytterligare information om jordlagerprofilen vid undersökningsplatsen. Vibrationssignalerna måste dock justeras på grund av avståndsdämpning innan resultaten från olika djup, olika borrhål och olika undersökningsplatser kan jämföras mot varandra. De olika genomträngda materialen och deras egenskaper korreleras mot frekvensinnehållet av vibrationssignalen. På det sättet kan ytterligare information om det genomträngda materialet erhållas från vibrationsmätningarna. Resultaten visar att heterogeniteter av det genomträngda jordlagret ses tydligt i vibrationsresultaten och att olika mönster kan identifieras. Utöver det indikerar resultaten att vibrationssignalerna kan hjälpa till att skilja mellan silt och sandiga/grusiga jordar och mellan block och berg. Grundvattennivån kan identifieras i frekvensspektrogrammen för friktionsjordar. / <p>QC 20220329</p>

ground vibrations

dynamic penetration testing

frequency

seismic test

vibration velocity

in-situ tests

markvibrationer

dynamiska sonderingsmetoder

frekvens

seismiska försök

vibrationshastighet

in-situ-försök

Annan geovetenskap och miljövetenskap

Threat Modeling and Penetration Testing of a Yanzi IoT-system : A Survey on the Security of the system’s RF communication

Isabar, Diyala

January 2021

Internet of Thing (IoT) products have in recent years become increasingly popular with both industries and private consumers, and it has been forecasted that the number of connected devices around the world will be roughly 14 billion in the year 2022. One particular field that the booming of IoT solutions continues to create endless possibilities for is smart offices. Several different devices are connected in an office environment to create a better workplace and enable a better, faster and smarter working approach. However, while there are several advantages with IoTs, they have also introduced new security threats that can not be overlooked. In this thesis, the security of a smart office system designed by Yanzi is examined. The system consists of a gateway, 34 sensors and a cloud service embedded as a SaaS. The security analysis was performed in three steps: planning, penetration testing and reporting. Radio frequency (RF) hacking against the systems RF communication was the main focus of the work. Due to some technical issues, not all selected attacks were possible to perform. Out of three that were possible to perform, one of them revealed a security flaw. Different countermeasures for the found flaw were proposed. / ”Internet av saker” produkter har under de senaste åren blivit alltmer populära bland både industrier och privata konsumenter, och man har prognostiserat att antalet anslutna enheter runt om i världen kommer att vara ungefär 14 miljarder år 2022. Ett särskilt område som ökandet av IoT-lösningar fortsätter att skapa oändliga möjligheter för är smarta kontor. Flera olika enheter är anslutna i en kontorsmiljö för att skapa en bättre arbetsplats och möjliggöra ett bättre, snabbare och smartare arbetssätt. Även om det finns flera fördelar med IoT, har de också infört nya säkerhetshot som inte kan förbises. I denna avhandling undersöks säkerheten för ett smart kontorssystem som designats av Yanzi. Systemet består av en gateway, 34 sensorer och en molntjänst inbäddad som en SaaS. Säkerhetsanalysen utfördes i tre steg: planering, penetrationstestning och rapportering. Radiofrekvenshackning mot systemets radiokommunikation var huvudfokus för arbetet. På grund av vissa tekniska problem var det inte möjligt att utföra alla föreslagna attacker. Av de tre som var möjliga att utföra avslöjade en av dem ett säkerhetsfel. Olika motåtgärder för den funna sårbarheten föreslås.

Security

Internet of Things

penetration testing

threat assessment

threat modeling

ethical hacking

vulnerabilities

RF communication

smart office

Säkerhet

”Internet av saker”

penetrationstestning

hotbedömning

hotmodelering

etisk hacking

sårbarheter

radiokommunikation

smarta kontorN

Computer Sciences

Datavetenskap (datalogi)

Ethical Hacking of Android Auto in the Context of Road Safety

Palm, Alexander, Gafvelin, Benjamin

January 2021

With a more than ever increasing demand to interconnect smartphones with infotainment systems, Android Auto has risen in popularity with its services used in modern vehicles worldwide. However, as users progressively connect their smartphones to in-vehicle infotainment systems, the opportunity for malicious actors to endanger and access private data of Android Auto users advances as well. The goal with this thesis is to determine how secure Android Auto is for road use. The main research question is to figure out if Android Auto is susceptible to attacks that exploit certain vulnerabilities in the Android operating system. The research question was answered by creating several proof-of-concept attacks on Android Auto using an emulated infotainment system with mobile devices. An investigation was also conducted regarding the application’s communication channel between the mobile device and infotainment display. Results of this thesis demonstrate that several attacks are substantially severe to endanger drivers on the road. There is a great risk of successful exploits when running Android Auto locally on the phone without a connection to the infotainment system, and a lesser risk when connected to the infotainment system. Intercepting communication in the USB channel revealed an encryption algorithm whose version has published exploits and can be cracked to potentially exploit Android Auto. / I takt med en evigt ökande efterfrågan på att sammankoppla smarttelefoner med infotainmentsystem, har allt fler börjat använda Android Auto i sina fordon världen över. En bieffekt av att allt fler sammankopplar sina mobiler till infotainmentsystem, är att det leder till fler möjligheter för illvilliga parter att stjäla privat data och sätta Android Autoanvändares liv i fara. Målet med denna avhandling är att fastställa hur säkert Android Auto är i avseende till vägsäkerhet. Den huvudsakliga forskningsfrågan är att lista ut om Android Auto kan attackeras av attacker som utnyttjar sårbarheter i Android operativsystemet. Forskningsfrågan besvarades genom att skapa flertal konceptattacker mot Android Auto användandes av ett emulerat infotainmentsystem och mobiltelefoner. En utredning utfördes även gällande applikationens kommunikationskanal mellan telefonen och infotainmentskärmen. Resultatet från denna avhandling demonstrerade att många attacker är tillräckligt allvarliga för att äventyra trafikanternas säkerhet. Det finns en avsevärd risk för framgångsrika attacker när Android Auto körs lokalt på telefonen utan en USB koppling till infotainmentsystemet, och en liten risk när telefonen är kopplad till infotainmentsystemet. Avlyssning och uppfångning av kommunikationen i USB kanalen visade att en krypteringsalgoritm vars version har existerande sårbarheter kan avkrypteras och utnyttjas för att potentiellt attackera Android Auto.

Computer and Information Sciences

Data- och informationsvetenskap