Static analysis of Android Auto infotainment and on‐board diagnostics II apps

Mandal, Amit Kr; Panarotto, Federica; Cortesi, Agostino; Ferrara, Pietro; Spoto, Fausto

doi:10.1002/spe.2698

Cited by 23 publications

(13 citation statements)

References 24 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This infection can be avoided by executing and analyzing the malicious URL in a controlled cloud sandbox: a serverless computing environment 48 . The second category of analysis is called static analysis 49 in which the investigation is processed before execution and the analysis is based on the information available in the URL. The extracted attributes may be comprising of lexical parameters in the URL string, host details, and occasionally HTML 50 and JavaScript code content 51 .…”

Section: Proposed Methodologymentioning

confidence: 99%

Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach

Marimuthu¹,

Gopalasamy²,

Ben‐Othman

2021

Softw Pract Exp

View full text Add to dashboard Cite

In the inevitably hi‐tech universe of cybercrimes, one of the major still prevailing methods is the usage of the malicious URLs and creating a Phishing link to obtain user credentials from the people. This method is highly subtle and has more effect on people's lives as well as corporate loss. To identify the malicious URLs, the security community has listed blacklists and benign links online. Still, as the technology is being developed day by day, the attackers try to create new phishing URLs using new social engineering methods that could be easily forged into the user's account. To improve the generality of malicious URL detectors, machine‐learning techniques have been explored with increasing attention in recent years. This article addresses the detection of malicious URLs combining the intelligence of both the heuristic‐based method and the machine learning process. It has been found that there are many possibilities for detecting zero‐day attacks and spear‐phishing attacks when incorporating both lexical features and machine learning methods. Out of the six‐batch learning process analyzed, we implement a decision tree algorithm in our framework with 99.47% accuracy during evaluation. The true positive values gained in our proposed hybrid framework is 99.2% and indicate <1% of the false‐positive values. The implementation shows a precision level higher than the previous model developed and by other antiphishing techniques. A high detection rate on zero‐day and spear‐phishing attacks and overall results reveal that our system outclasses the current approach to detecting phishing scams.

show abstract

Section: Proposed Methodologymentioning

confidence: 99%

Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach

Marimuthu¹,

Gopalasamy²,

Ben‐Othman

2021

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…Internet service portals (e.g., smartphone applications) are generally enablers for remotely accessing the EV features. EVs use wireless communications to exchange information with web-based and smartphone applications (e.g., Tesla for Tesla EVs and NissanConnect ® for Nissan EVs) for monitoring and controlling EV charging [81], [82]. Also, smartphones are often connected to the built-in EV IVI dashboard via bluetooth and USB ports for media playback and smartphone access.…”

Section: ) Ev-{x=internet Service Portals}mentioning

confidence: 99%

“…Content may change prior to final publication. and smartphone applications use long and medium range wireless channels such as cellular networks and WiFi [81], [82], whereas key fobs use short-range RF or near-field communication (NFC) [79], [83].…”

Section: ) Ev-{x=internet Service Portals}mentioning

confidence: 99%

Cybersecurity of Smart Electric Vehicle Charging: A Power Grid Perspective

et al. 2020

View full text Add to dashboard Cite

With the roll-out of electric vehicles (EVs), the automobile industry is transitioning away from conventional gasoline-fueled vehicles. As a result, the EV charging demand is continuously growing and to meet this growing demand, various types of electric vehicle charging stations (EVCSs) are being deployed for commercial and residential use. This nexus of EVs, EVCSs, and power grids creates complex cyber-physical interdependencies that can be maliciously exploited to damage each of these components. This paper describes and analyzes cyber vulnerabilities that arise at this nexus and points to the current and emerging gaps in the security of the EV charging ecosystem. These vulnerabilities must be addressed as the number of EVs continue to grow worldwide and their impact on the power grid becomes more viable. The purpose of this paper is to list and characterize all backdoors that can be exploited to seriously harm either EV and EVCS equipments, or power grid, or both. The presented issues and challenges intend to ignite research efforts on cybersecurity of smart EV charging and enhancing power grid resiliency against such demand-side cyberattacks in general. INDEX TERMS Cybersecurity, electric vehicles, electric vehicle charging stations, smart grids.

show abstract

“…This approach has been widely applied to the detection of SQL injections in Web applications [66], leakages of sensitive data [26,27], etc. A first attempt to apply such approach to a scenario similar to IoT was performed by Mandal et al [47] and Panarotto et al [58], that utilized this approach to detect leakages and injection vulnerabilities in Android automotive apps [49]. Huuck [40] discussed the use static code analysis to detect some of these types of issues.…”

Section: Related Workmentioning

confidence: 99%

Static analysis for discovering IoT vulnerabilities

Ferrara

Mandal

Cortesi

et al. 2020

Int J Softw Tools Technol Transfer

Self Cite

View full text Add to dashboard Cite

The Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies.

show abstract

Static analysis of Android Auto infotainment and on‐board diagnostics II apps

Cited by 23 publications

References 24 publications

Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach

Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach

Cybersecurity of Smart Electric Vehicle Charging: A Power Grid Perspective

Static analysis for discovering IoT vulnerabilities

Contact Info

Product

Resources

About