Fuzzing Android Automotive's CAN interface

MASTER Assignment


Type: Master M-CS

Period: Jan, 2023 - July, 2023

Student: Macarie, M. (Mihai, Student M-CS)

Date Final project: July 7, 2023

Thesis

Supervisors:

Abstract:

Our research aims to evaluate the cybersecurity of the Controller Area Network (CAN) interface in Android Automotive using fuzzing techniques. The growing dependency of the automotive industry on cyber-physical systems exposes vehicles to new cyber risks and threats. In addition, vehicles nowadays have external connections such as Bluetooth, WiFi, and mobile networks. Previous research has uncovered numerous security issues in these systems, including unencrypted protocols and privacy concerns. In March 2017, Google introduced Android Automotive OS, an in-vehicle infotainment (IVI) operating system (OS). This operating system interacts with climate control and digital instrument clusters. Thus, cyberattacks targeted at this OS endanger vehicle safety and, as a result, in some cases, also human lives. Polestar and Volvo use Android Automotive OS, and more manufacturers plan to use it. Researchers have started investigating the security aspects of Android Automotive, but further research is necessary. In addition, there is no research on fuzzing specific components of Android Automotive. Fuzzing might identify software bugs that other testing techniques might not find. We perform fuzzing experiments on the CAN interface of Android Automotive; CAN is one of the most critical buses used in modern vehicles. We use libFuzzer and AFL for our experiments because of their integration into the Android Open Source Project (AOSP) and their features. We perform experiments on AOSP emulators and car manufacturer emulators. AFL found several crashes during our experiments, while libFuzzer found nothing. We have also developed a modified harness that achieves higher code coverage. Furthermore, we observe that the version of the Android Automotive emulator used affects the code coverage. Finally, we have made some contributions to the AFL++ fork in the AOSP repositories.