{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T02:02:18Z","timestamp":1769738538177,"version":"3.49.0"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031708954","type":"print"},{"value":"9783031708961","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70896-1_2","type":"book-chapter","created":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T12:03:57Z","timestamp":1725537837000},"page":"24-44","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Companion Apps or\u00a0Backdoors? On the\u00a0Security of\u00a0Automotive Companion Apps"],"prefix":"10.1007","author":[{"given":"Prashanthi","family":"Mallojula","sequence":"first","affiliation":[]},{"given":"Fengjun","family":"Li","sequence":"additional","affiliation":[]},{"given":"Xiaojiang","family":"Du","sequence":"additional","affiliation":[]},{"given":"Bo","family":"Luo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,9,6]]},"reference":[{"key":"2_CR1","unstructured":"A complete guide to hacking your vehicle bus on the cheap and easy. 
https:\/\/theksmith.com\/software\/hack-vehicle-bus-cheap-easy-part-1\/"},{"key":"2_CR2","unstructured":"A remote attack on the bosch drive log connector Dongle. https:\/\/argus-sec.com\/blog\/cyber-security-blog\/remote-attack-bosch-drivelog-connector-dongle\/"},{"key":"2_CR3","unstructured":"Auto cyberattacks becoming more widespread. https:\/\/semiengineering.com\/auto-cyberattacks-becoming-more-widespread"},{"key":"2_CR4","unstructured":"Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs. https:\/\/www.troyhunt.com\/controlling-vehicle-features-of-nissan\/"},{"key":"2_CR5","unstructured":"ELM 327 detailed info. https:\/\/www.sparkfun.com\/datasheets\/Widgets\/ELM327_AT_Commands.pdf"},{"key":"2_CR6","unstructured":"Hacking cars remotely with just their VIN. https:\/\/www.bitdefender.com\/blog\/hotforsecurity\/hacking-cars-remotely-with-just-their-vin"},{"key":"2_CR7","unstructured":"How to hack a car - a quick crash-course. https:\/\/www.freecodecamp.org\/news\/hacking-cars-a-guide-tutorial-on-how-to-hack-a-car-5eafcfbbb7ec"},{"key":"2_CR8","unstructured":"Hyundai \u2018Blue Link\u2019 vulnerability allows thieves to start cars remotely (update: Hyundai\u2019s statement). https:\/\/www.tomshardware.com\/news\/hyundai-blue-link-vulnerability-thieves,34248.html"},{"key":"2_CR9","unstructured":"OBD2 Explained - A Simple Intro. https:\/\/www.csselectronics.com\/pages\/obd2-explained-simple-intro"},{"key":"2_CR10","unstructured":"There\u2019s a new form of keyless car theft that works in under 2 minutes (2023)"},{"key":"2_CR11","unstructured":"Abraham, A., et\u00a0al.: Mobile Security Framework (MobSF). https:\/\/github.com\/ajinabraham\/Mobile-Security-Framework-MobSF. Accessed January 2024"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Ai, M., et al.: Blacktooth: breaking through the defense of Bluetooth in silence. 
In: ACM CCS (2022)","DOI":"10.1145\/3548606.3560668"},{"key":"2_CR13","unstructured":"Alrawi, O., Zuo, C., Duan, R., Kasturi, R.P., Lin, Z., Saltaformaggio, B.: The betrayal at cloud city: an empirical analysis of cloud-based mobile backends. In: USENIX Security Symposium, pp. 551\u2013566 (2019)"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Antonioli, D., Payer, M.: On the insecurity of vehicles against protocol-level Bluetooth threats. In: IEEE Security and Privacy Workshops (2022)","DOI":"10.1109\/SPW54247.2022.9833886"},{"key":"2_CR15","unstructured":"Antonioli, D., Tippenhauer, N.O., Rasmussen, K.B.: The KNOB is broken: exploiting low entropy in the encryption key negotiation of Bluetooth BR\/EDR. In: USENIX Security Symposium (2019)"},{"key":"2_CR16","unstructured":"Avatefipour, O., Malik, H.: State-of-the-art survey on in-vehicle network communication (CAN-Bus) security and vulnerabilities. arXiv:1802.01725 (2018)"},{"key":"2_CR17","first-page":"13","volume":"10","author":"C Bernardini","year":"2017","unstructured":"Bernardini, C., Asghar, M.R., Crispo, B.: Security and privacy in vehicular communications: challenges and opportunities. Veh. Commun. 10, 13\u201328 (2017)","journal-title":"Veh. Commun."},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Bloom, G.: WeepingCAN: a stealthy can bus-off attack. In: Workshop on Automotive and Autonomous Vehicle Security (2021)","DOI":"10.14722\/autosec.2021.23002"},{"key":"2_CR19","unstructured":"Bolshev, A., Yushkevich, I.: Scada and Mobile Security in the Internet of Things Era. EMBEDI, IOActive, Whitepaper (2017)"},{"issue":"8","key":"2_CR20","doi-asserted-by":"publisher","first-page":"2364","DOI":"10.3390\/s20082364","volume":"20","author":"M Bozdal","year":"2020","unstructured":"Bozdal, M., Samie, M., Aslam, S., Jennions, I.: Evaluation of can bus security challenges. 
Sensors 20(8), 2364 (2020)","journal-title":"Sensors"},{"key":"2_CR21","first-page":"1","volume-title":"Securing can bus communication: An analysis of cryptographic approaches","author":"JA Bruton","year":"2014","unstructured":"Bruton, J.A.: Securing can bus communication: An analysis of cryptographic approaches, pp. 1\u20135. Nat. Univ. Ireland, Galway (2014)"},{"key":"2_CR22","doi-asserted-by":"publisher","first-page":"1092","DOI":"10.1016\/j.future.2017.12.041","volume":"108","author":"G De La Torre","year":"2020","unstructured":"De La Torre, G., Rad, P., Choo, K.K.R.: Driverless vehicle security: challenges and future research opportunities. Futur. Gener. Comput. Syst. 108, 1092\u20131111 (2020)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Demba, A., M\u00f6ller, D.P.: Vehicle-to-vehicle communication technology. In: IEEE International Conference on Electro\/Information Technology (EIT) (2018)","DOI":"10.1109\/EIT.2018.8500189"},{"issue":"2","key":"2_CR24","doi-asserted-by":"publisher","first-page":"998","DOI":"10.1109\/COMST.2014.2386139","volume":"17","author":"P Faruki","year":"2014","unstructured":"Faruki, P., et al.: Android security: a survey of issues, malware penetration, and defenses. IEEE Commun. Surv. Tutorials 17(2), 998\u20131022 (2014)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"2_CR25","unstructured":"He, D., Naveed, M., Gunter, C.A., Nahrstedt, K.: Security concerns in android mHealth apps. In: AMIA annual symposium proceedings, vol.\u00a02014, p.\u00a0645. American Medical Informatics Association (2014)"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Humayed, A.: An overview of vehicle OBD-II port countermeasures. 
In: International Conference on Interactive Collaborative Robotics (2023)","DOI":"10.1007\/978-3-031-35308-6_22"},{"key":"2_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-3-030-58951-6_8","volume-title":"Computer Security \u2013 ESORICS 2020","author":"A Humayed","year":"2020","unstructured":"Humayed, A., Li, F., Lin, J., Luo, B.: CANSentry: Securing CAN-based cyber-physical systems against denial and spoofing attacks. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12308, pp. 153\u2013173. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58951-6_8"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Humayed, A., Luo, B.: Poster: cyber-physical security for smart cars: taxonomy of vulnerabilities, threats, and attacks. In: ACM\/IEEE ICCPS (2015)","DOI":"10.1145\/2735960.2735992"},{"key":"2_CR29","doi-asserted-by":"crossref","unstructured":"Humayed, A., Luo, B.: Using id-hopping to defend against targeted dos on can. In: International Workshop on Safe Control of Connected and Autonomous Vehicles (2017)","DOI":"10.1145\/3055378.3055382"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Iehira, K., Inoue, H., Ishida, K.: Spoofing attack using bus-off attacks against a specific ECU of the CAN bus. In: IEEE CCNC (2018)","DOI":"10.1109\/CCNC.2018.8319180"},{"key":"2_CR31","doi-asserted-by":"publisher","first-page":"4133","DOI":"10.1109\/TIFS.2021.3098162","volume":"16","author":"M Jedh","year":"2021","unstructured":"Jedh, M., Othmane, L.B., Ahmed, N., Bhargava, B.: Detection of message injection attacks onto the can bus using similarities of successive messages-sequence graphs. IEEE Trans. Inf. Forensics Secur. 16, 4133\u20134146 (2021)","journal-title":"IEEE Trans. Inf. 
Forensics Secur."},{"issue":"7","key":"2_CR32","doi-asserted-by":"publisher","first-page":"6123","DOI":"10.1109\/TITS.2021.3078740","volume":"23","author":"HJ Jo","year":"2021","unstructured":"Jo, H.J., Choi, W.: A survey of attacks on controller area networks and corresponding countermeasures. IEEE Trans. Intell. Transp. Syst. 23(7), 6123\u20136141 (2021)","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"issue":"19","key":"2_CR33","first-page":"6675","volume":"7","author":"AM Krishna","year":"2020","unstructured":"Krishna, A.M., Tyagi, A.K., Prasad, S.: Preserving privacy in future vehicles of tomorrow. JCR 7(19), 6675\u20136684 (2020)","journal-title":"JCR"},{"key":"2_CR34","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1016\/j.infsof.2017.04.001","volume":"88","author":"L Li","year":"2017","unstructured":"Li, L., et al.: Static analysis of android apps: a systematic literature review. Inf. Softw. Technol. 88, 67\u201395 (2017)","journal-title":"Inf. Softw. Technol."},{"key":"2_CR35","unstructured":"LinkedIn: QARK (2018). https:\/\/github.com\/linkedin\/qark"},{"key":"2_CR36","doi-asserted-by":"crossref","unstructured":"Mandal, A.K., Panarotto, F., Cortesi, A., Ferrara, P., Spoto, F.: Static analysis of android auto infotainment and on-board diagnostics II apps. Softw. Pract. Experience 49(7), 1131\u20131161 (2019)","DOI":"10.1002\/spe.2698"},{"key":"2_CR37","doi-asserted-by":"crossref","unstructured":"Nowdehi, N., Lautenbach, A., Olovsson, T.: In-vehicle can message authentication: an evaluation based on industrial criteria. In: IEEE VTC (2017)","DOI":"10.1109\/VTCFall.2017.8288327"},{"key":"2_CR38","unstructured":"Serag, K., et al.: ZBCAN: A Zero-Byte CAN defense system. In: USENIX Security (2023)"},{"key":"2_CR39","unstructured":"Serag, K., Bhatia, R., Kumar, V., Celik, Z.B., Xu, D.: Exposing new vulnerabilities of error handling mechanism in CAN. 
In: USENIX Security Symposium (2021)"},{"key":"2_CR40","volume":"20","author":"S Sharma","year":"2019","unstructured":"Sharma, S., Kaushik, B.: A survey on internet of vehicles: applications, security issues & solutions. Veh. Commun. 20, 100182 (2019)","journal-title":"Veh. Commun."},{"key":"2_CR41","unstructured":"skylot: Jadx - Dex to Java decompiler (2020)"},{"key":"2_CR42","unstructured":"skylot: On-board diagnostic II (OBD II) systems fact sheet (2019). https:\/\/ww2.arb.ca.gov\/resources\/fact-sheets\/board-diagnostic-ii-obd-ii-systems-fact-sheet"},{"key":"2_CR43","unstructured":"Tian, D.J., et\u00a0al.: Attention spanned: comprehensive vulnerability analysis of AT commands within the android ecosystem. In: USENIX Security (2018)"},{"key":"2_CR44","unstructured":"Tian, Y., et al.: SmartAuth: user-centered authorization for the internet of things. In: USENIX Security Symposium, vol.\u00a05, pp.\u00a08\u20132 (2017)"},{"key":"2_CR45","unstructured":"Van\u00a0Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth-a simple, backward compatible broadcast authentication protocol for can bus. In: ECRYPT workshop on Lightweight Cryptography, vol.\u00a02011, p.\u00a020. ECRYPT (2011)"},{"key":"2_CR46","unstructured":"Wen, H., Chen, Q.A., Lin, Z.: Plug-N-Pwned: Comprehensive vulnerability analysis of OBD-II dongles as a new over-the-air attack surface in automotive IoT. In: USENIX Security Symposium (2020)"},{"key":"2_CR47","doi-asserted-by":"crossref","unstructured":"Wen, H., Zhao, Q., Chen, Q.A., Lin, Z.: Automated cross-platform reverse engineering of can bus commands from mobile apps. In: NDSS (2020)","DOI":"10.14722\/ndss.2020.24231"},{"key":"2_CR48","doi-asserted-by":"crossref","unstructured":"Yu, L., et\u00a0al.: Towards automatically reverse engineering vehicle diagnostic protocols. 
In: USENIX Security Symposium (2022)","DOI":"10.1109\/ICDCS57875.2023.00132"},{"key":"2_CR49","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Ge, B., Li, X., Shi, B., Li, B.: Controlling a car through OBD injection. In: IEEE International Conference on Cyber Security and Cloud Computing (2016)","DOI":"10.1109\/CSCloud.2016.42"},{"key":"2_CR50","doi-asserted-by":"crossref","unstructured":"Zhang, Y., et al.: Detecting third-party libraries in android applications with high precision and recall. In: IEEE International Conference on Software Analysis, Evolution and Reengineering (2018)","DOI":"10.1109\/SANER.2018.8330204"},{"key":"2_CR51","doi-asserted-by":"crossref","unstructured":"Zhao, J., Chen, Y., Gong, Y.: Study of connectivity probability of vehicle-to-vehicle and vehicle-to-infrastructure communication systems. In: IEEE VTC (2016)","DOI":"10.1109\/VTCSpring.2016.7504493"},{"key":"2_CR52","doi-asserted-by":"crossref","unstructured":"Zuo, C., Lin, Z., Zhang, Y.: Why does your data leak? Uncovering the data leakage in cloud from mobile apps. 
In: IEEE Symposium on Security & Privacy (2019)","DOI":"10.1109\/SP.2019.00009"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70896-1_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T12:04:28Z","timestamp":1725537868000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70896-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031708954","9783031708961"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70896-1_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"6 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 
2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}