University of Twente Student Theses
Fuzzing Android Automotive's CAN interface
Macarie, Mihai (2023) Fuzzing Android Automotive's CAN interface.
|
PDF
2MB |
| Abstract: | Our research aims to evaluate the cybersecurity of the Controller Area Network interface in Android Automotive using fuzzing techniques. The growing dependency of the automotive industry on cyber-physical systems exposes vehicles to new cyber risks and threats. In addition, vehicles nowadays have external connections such as Bluetooth, WiFi, and mobile networks. Previous research has uncovered numerous security issues in these systems, including unencrypted protocols and privacy concerns. In March 2017, Google introduced Android Automotive OS, an in-vehicle infotainment (IVI) operating system (OS). This operating system interacts with climate control and digital instrument clusters. Thus, cyberattacks targeted at this OS endanger vehicle safety and, as a result, in some cases, also human lives. Polestar and Volvo use Android Automotive OS, and more manufacturers plan to use it. Researchers have started investigating the security aspects of Android Automotive, but further research is necessary. In addition, there is no research on fuzzing specific components of Android Automotive. Fuzzing might identify software bugs that other testing techniques might not find. We perform fuzzing experiments on the CAN interface of Android Automotive, one of the most critical buses used in modern vehicles. We use libFuzzer and AFL for our experiments because of their integration into Android Open Source Project (AOSP) and their features. We perform experiments on AOSP emulators and car manufacturer emulators. We have noticed that AFL found several crashes during our experiments, while libFuzzer found nothing. We have also developed a modified harness that achieves higher code coverage. Furthermore, we observe that the version of the Android Automotive emulator used affects the code coverage. Finally, we have some contributions to the AFL++ fork in the repositories of AOSP. |
| Item Type: | Essay (Master) |
| Clients: | TNO, Groningen, Netherlands |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 02 science and culture in general, 30 exact sciences in general, 54 computer science |
| Programme: | Computer Science MSc (60300) |
| Link to this item: | https://purl.utwente.nl/essays/95607 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page