Valet attack on privacy: a cybersecurity threat in automotive Bluetooth infotainment systems

10Citations
Citations of this article
28Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Modern automobiles are equipped with connectivity features to enhance the user’s comfort. Bluetooth is one such communication technology that is used to pair a personal device with an automotive infotainment unit. Upon pairing, the user could access the personal information on the phone through the automotive head unit with minimum distraction while driving. However, such connectivity introduces a possibility for privacy attacks. Hence, performing an in-depth analysis of the system with privacy constraints is extremely important to prevent unauthorized access to personal information. In this work, we perform a systematic analysis of the Bluetooth network of an automotive infotainment unit to exploit security and privacy-related vulnerabilities. We model the identified threat with respect to privacy constraints of the system, emphasize the severity of attacks through a standardized rating metric and then provide potential countermeasures to prevent the attack. We perform System Theoretic Process Analysis for Privacy as a part of the systematic analysis and use the Common Vulnerability Scoring System to derive attack severity. The identified vulnerabilities are due to design flaws and assumptions on Bluetooth protocol implementation on automotive infotainment systems. We then elicit the vulnerability by performing a privacy attack on the Automotive system in an actual vehicle. We use Android Open-Source Project to report our findings and propose defense strategies.

References Powered by Scopus

TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones

1002Citations
N/AReaders
Get full text

Android permissions: User attention, comprehension, and behavior

787Citations
N/AReaders
Get full text

Common vulnerability scoring system

421Citations
N/AReaders
Get full text

Cited by Powered by Scopus

How Dose Aesthetic Design Affect Continuance Intention in In-Vehicle Infotainment Systems? An Exploratory Study

8Citations
N/AReaders
Get full text

Data Is the New Oil–Sort of: A View on Why This Comparison Is Misleading and Its Implications for Modern Data Administration

3Citations
N/AReaders
Get full text

Analysis Techniques Artificial intelligence for Detection of Cyber Security Risks in a Communication and Information Security

3Citations
N/AReaders
Get full text

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Cite

CITATION STYLE

APA

Renganathan, V., Yurtsever, E., Ahmed, Q., & Yener, A. (2022). Valet attack on privacy: a cybersecurity threat in automotive Bluetooth infotainment systems. Cybersecurity, 5(1). https://doi.org/10.1186/s42400-022-00132-x

Readers' Seniority

Tooltip

PhD / Post grad / Masters / Doc 4

57%

Professor / Associate Prof. 2

29%

Lecturer / Post doc 1

14%

Readers' Discipline

Tooltip

Computer Science 4

50%

Engineering 3

38%

Social Sciences 1

13%

Article Metrics

Tooltip
Social Media
Shares, Likes & Comments: 1

Save time finding and organizing research with Mendeley

Sign up for free