Digital Forensic Analysis for Vehicle Infotainment Systems based on Packet Fingerprinting | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Digital Forensic Analysis for Vehicle Infotainment Systems based on Packet Fingerprinting Yeonghun Shin, Geon Yu, Taeshik Shon This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4664910/v1 This work is licensed under a CC BY 4.0 License Status: Under Review Version 1 posted 15 You are reading this latest preprint version Abstract With the increasing number of in-vehicle computing systems and rapid development of technologies, such as autonomous driving technology, various IoT technologies are being incorporated into vehicles. In these scenarios, a vehicle is typically connected to a smartphone or various sensors to exchange information based on wireless communication. While this is convenient for the driver, from a security standpoint, it means exposing the vehicle to a new cyberattack surface: wireless communication attacks. Therefore, active research on security inspection and improvement for wireless communication in vehicular environments is required. Some studies in this regard have raised security issues, but little digital forensic research has been conducted on the issues raised. Against this background, we conducted a case study based on packet fingerprinting to improve the level of security in wireless communication in a vehicular environment (i.e., in-vehicle wireless communications). Packet fingerprinting was applied to 11 in-vehicle infotainment systems. Consequently, devices and services in use were identified from wireless network packets. Images of internal storage data were acquired from three in-vehicle infotainment systems, and a file system-based analysis was performed on the images to derive digital forensic artifacts related to the packets stored in the vehicle systems. Further analysis was conducted by combining the derived artifacts with the packet fingerprinting results. Our findings indicate that the security level of wireless communication in various in-vehicle infotainment system environments can be evaluated and improved. Moreover, we provide various identification information and digital forensic artifacts derived from various in-vehicle infotainment systems. Digital Forensics File System In-vehicle Network Infotainment Figures Figure 1 Figure 2 1 Introduction Currently, most vehicles have in-vehicle infotainment systems installed, in which various operating systems (OSs) and open-source vehicle platforms are used. In 2017, Google announced Android Automotive OS (AAOS), an OS for vehicles. It had a small market share in the field of automotive OSs, as it was used in only a small number of vehicles. However, recently, several vehicle manufacturers, including BMW, GM, and Chevy, are integrating AAOS into vehicles (Amadeo 2023 , Tsui 2023 , Julich 2022 ). Automotive Grade Linux (AGL), developed by the Linux Foundation and announced in 2016, is an open-source platform for vehicles that can be used in various fields, such as in-vehicle infotainment and telematics; AGL has more than 150 members, including 10 vehicle manufacturers, and has been integrated into Toyota and Lexus vehicles since 2018 (AGL 2018 , AGL 2022 ). These in-vehicle OSs and open-source platforms are expected to be installed in most vehicles soon. Hence, the latest vehicles include at least one computing system, and with the recent rapid development of vehicle technology, such as autonomous driving, the number of computing systems in vehicles is increasing rapidly (Liu 2019, Liu 2020). Additionally, various IoT technologies are being introduced in vehicles (Jo et al. 2022 ), and images from front, rear, left, and right cameras can now be combined to provide a 360-degree view of a vehicle’s surroundings. There are also driver assistance systems that utilize Augmented Reality technology. Furthermore, more sensors are being installed in vehicles than ever before (Jo et al. 2022 ). The various IoT devices and sensors installed in a vehicle collect various types of information from the surroundings and transmit them to the vehicle through wireless communication (Strandberg et al. 2022 ). Current in-vehicle communication environments are different from previously when communication was only internal and there were no external connections. Presently, there is active communication with the outside world, with vehicles containing powerful computing systems and a wide range of sensors that continuously transmit data wirelessly to both the manufacturers and vehicles. The infotainment system installed in a vehicle and the driver’s smartphone can communicate wirelessly. With its wireless connection to devices, such as sensors, smartphones, and IoT, a vehicle is exposed to external threats (Hasan 2020). Consequently, vehicles are exposed to a greater cybersecurity attack surface than ever before and the seriousness of this has steadily increased (Mahr 2022). In reality, there have been cases of eavesdropping on IoT devices that operate based on a wireless connection and an attacker has conducted a remotely-controlled attack on an IoT device (Lakshmanan 2022 ). Such an attack case is a security threat that can occur even in current vehicles using wireless communication. For example, there was a report of vulnerabilities affecting vehicles from 16 manufacturers, which enabled attackers to remotely take control of the affected vehicles (Hope 2023 ). Cyberattacks on in-vehicle wireless communication, such as wireless packet manipulation and replay attack, are serious problems that can directly harm vehicles and drivers. This security consideration has been an issue in other wireless communication environments, such as IoT, smart factories, and mobile telecommunications (Kim et al. 2022 , Kim et al. 2020 , Kim et al. 2023 , Kwon et al. 2020 ). Accordingly, various studies have been conducted on the application of fingerprinting techniques to improve the security level in various wireless communication environments. Fingerprinting is a technique that has been actively used thus far to evaluate and improve the security level of wireless communication in various sectors (Chowdhury et al. 2020 , Hamad et al. 2019 , Klein et al. 2009 , Lin & Chang 2019 , Skowron et al. 2020 ). In addition, studies have been conducted on the exposure of sensitive information based on wireless communication packet analysis in an IoT environment and the possibility of attack (Chen 2022 , Jo et al. 2019 ). However, digital forensic research on the security of wireless communications in vehicle environments have not been sufficiently conducted. Existing studies have been limited to acquiring data and deriving artifacts from mobile devices connected to vehicles (Mahr 2022, Ebbers et al. 2021 , Ebbers et al. 2021 , Le-Khac et al. 2020 , Shin et al. 2020 , Shin et al. 2022 ). Against this context, there is an increasing need for digital forensic research on in-vehicle wireless communications. Accordingly, we conducted a digital forensic case study to identify security threats and digital forensic evidence in in-vehicle wireless communications. Most wireless communication in vehicular environments is based on infotainment systems. To extract meaningful information in wireless communications, the analyses included file system analysis of infotainment systems and connected devices. The contributions of this study can be summarized as follows: ● Case studies were conducted to identify security threats and digital forensic evidence in wireless communication in various in-vehicle infotainment systems. This can improve the security level of in-vehicle wireless communications. ● We conducted a case study involving 11 infotainment systems to fully reflect the diversity of in-vehicle infotainment environments. There were five vehicle head units, three navigation systems, and three emulator-based infotainment systems. Accordingly, our case study results can contribute to in-vehicle infotainment system forensics in various environments. ● Through the case studies, digital forensic evidence and identification information derived from each infotainment system are organized and presented. This can assist digital forensic investigators conducting investigations in in-vehicle wireless communications. The remainder of this paper is organized as follows. Section 2 presents research related to in-vehicle infotainment systems. Section 3 describes a case study conducted on an in-vehicle infotainment system. Section 4 describes the experimental conditions. Section 5 presents the findings of the case study and the identified digital forensic evidence. Section 6 discusses the implications of the findings and limitations of the study. Section 7 summarizes the study and points to future directions of research. 2 Related Works Various studies have been conducted on fingerprinting to improve the security of wireless communication environments. Skowron et al. investigated privacy risks for IoT devices, focusing on information leakage caused by network fingerprinting attacks, and a method was proposed to mitigate data privacy risks (Skowron et al. 2020 ). Chowdhury et al. created device fingerprints using network packets collected from IoT devices. Based on this, a method for identifying IoT devices was proposed (Chowdhury et al. 2020 ). Klein et al. used an RF fingerprinting technique to improve wireless network security. They proposed a method for distinguishing devices in a wireless network environment based on RF fingerprinting (Klein et al. 2009 ). Hamad et al. proposed a more advanced fingerprinting method to solve security problems in an IoT environment using various vendors, standards, and protocols (Hamad et al. 2019 ). Lin et al. proposed a radio-frequency fingerprint extraction method based on a fractional Fourier transform for transient signals (Lin & Chang 2019 ). Thus, fingerprinting studies have been conducted to improve the security of wireless communication. However, research on fingerprinting the in-vehicle infotainment environment remains lacking. Chen et al. studied a radio-frequency fingerprint-based in-vehicle communication identification scheme. Nevertheless, research on the fingerprinting of Bluetooth and Wi-Fi, which are used to provide in-vehicle infotainment services, has not been conducted (Chen 2022 ). A technical study was conducted on an IoT platform to evaluate the security of wireless communication and respond to wireless attacks. Jo et al. and Shin et al. performed network traffic analysis to evaluate the security level of a smart speaker wireless communication environment. Based on the analysis results, a replay attack was performed to steal personal information stored in the vendor's cloud server, thereby demonstrating vulnerabilities in wireless communication security (Jo et al. 2019 , Shin et al. 2020 ). Anajemba et al. proposed a technique to prevent eavesdropping attacks and improve the security of the wireless communication environment of an Industrial IoT (IIoT) system (Anajemba et al. 2022 ). Liu et al. proposed a network immune system based on a programming-protocol-independent packet processor to prevent eavesdropping attacks in IoT environments. Although various studies have been conducted to improve the security of wireless communication, they have not been sufficiently conducted for in-vehicle communication environments (Liu et al. 2021 ). In Woo et al., as the in-vehicle internal network controller area network (CAN) changed to an external network (4G/5G Mobile Network) owing to the development of vehicle-based technologies such as connected cars, long-distance wireless attacks using CAN vulnerabilities became possible. The authors proposed a security protocol to address the problem. However, this was limited to the case where a self-diagnosis app is installed on a smartphone, and security checks for wireless communication (Bluetooth and Wi-Fi) occurring in the in-vehicle infotainment system have not been performed (Woo et al. 2014 ). Antonioli et al. evaluated potential attack threats to Bluetooth communication in in-vehicle infotainment systems; however, no methods have been proposed to improve the security (Antonioli & Payer 2022). From the foregoing, various digital forensic studies have been conducted on in-vehicle infotainment systems. However, studies related to the acquisition of infotainment systems’ internal storage data or data stored in smartphones, and the analysis of the wireless communication environment have not been sufficiently performed (Mahr 2022, Ebbers et al. 2021 , Edwards & Mahalik 2019, Le-Khac et al. 2020 , Liu et al. 2021 ). Shin et al. analyzed the wireless communication section of the infotainment system; however, most of the analysis was on Bluetooth communication and sufficient analysis on Wi-Fi communication was not performed (Shin et al. 2022 ). To summarize the discussion above, in a situation of increasing attack surface for wireless communication in in-vehicle infotainment environments, research on solving this problem has not been sufficiently conducted. It is necessary to conduct digital forensic research on security evaluation and improvement from varied perspectives, such as studies conducted on other platforms, including IoT. Therefore, in this study, packet fingerprinting research was conducted to evaluate and improve the security level of wireless communication in in-vehicle infotainment systems. 3 Forensic Methods for In-Vehicle Infotainment This section describes a packet fingerprinting method for evaluating the security level of wireless communication in an in-vehicle infotainment environment and identifying connected devices and services. In addition, a file system analysis method for validating the results of packet fingerprinting analysis is presented. 3.1 Packet Fingerprinting Wireless communication in a vehicular environment was analyzed for packet fingerprinting. This was a three-stage process: (1) packet acquisition, (2) device fingerprinting, and (3) application fingerprinting. Packet acquisition is a step in investigative methods to collect wireless communications packets. First, the wireless communication protocols (Wi-Fi and Bluetooth) supported by the connected devices in the vehicular environment are identified. Second, a method for collecting wireless communication data is determined based on the protocols identification results. In general, because it is difficult to collect wireless communication packets from in-vehicle infotainment systems, such as those that do not support connections with a personal computer, these packets are collected from devices connected to the vehicle. Tools such as tcpdump, PacketLogger, and Wireshark were used to collect the packets. The wireless communication packet collection channel was either Bluetooth or Wi-Fi; however, if both were supported, Android Auto and Apple CarPlay services that use packets that communicate using both channels were also collected (Google 2023 , Apple 2023 ). The collected packets were then analyzed via a two-step process: device fingerprinting (to identify the device) and application fingerprinting to identify the service used by the vehicle infotainment system. The Wireshark network protocol analyzer was used for packet analysis. In addition, fingerprint generation and identification of security vulnerabilities that can be exploited for personal information leakage and cyberattacks were performed. The goal of the device fingerprinting step is to generate a fingerprint to identify each connected device in the wireless communication. It analyzes the collected packets to derive information that can identify the device, such as vendor, Bluetooth address, Bluetooth device name, Wi-Fi address, MAC address, and International Mobile Equipment Identity. The application fingerprinting step aims to generate a fingerprint from wireless communication packets to identify the service being used in the in-vehicle infotainment system. The collected packets were analyzed to derive information that could identify the services in use, such as AirPlay, Google Automotive Link, Android Auto, and Apple CarPlay. 3.2 File System Analysis In file system analysis, the internal storage of the in-vehicle infotainment system was analyzed and the analysis results were used to validate previously obtained packet fingerprinting results. The file system analysis was performed in three stages: (1) image acquisition, (2) image comparison, and (3) artifact derivation. The goal of the image-acquisition step is to conduct research on a suitable method to acquire data from in-vehicle storage. First, the connection interface supported by the in-vehicle infotainment system, external storage device, and developer function tools were investigated. A method was derived for collecting data from the in-vehicle infotainment system, and, based on this method, internal vehicle data were acquired. The image comparison step is to identify data changes after the case study vehicle and smartphone are connected and exchange data. To this end, internal storage data before and after using the in-vehicle infotainment system were imaged. Subsequently, the two images were compared to identify newly created or deleted data. Based on the results, the digital forensic analysis technique and direction for the next step were determined (Kim et al. 2022 ). Artifact derivation aims to perform analysis based on various types of information derived from image comparison. Deleted files were recovered based on file system metadata, and information about the in-vehicle infotainment system and connected devices was obtained through various analyses as described in previous studies (Kim et al. 2021 , Lee & Shon 2022, Lee et al. 2020 ). In addition, artifacts related to wireless communication in in-vehicle infotainment environments were acquired and used to validate previously obtained packet fingerprinting results. 4 Specifications of Infotainment Systems Used in Case Study This section describes the various devices used in the case study and configuration of the experimental environment. Three functional categories of in-vehicle infotainment systems were used: (1) head unit, (2) navigation, and (3) emulator-based systems. A head unit is a display/audio system installed as a basic option in an actual vehicle, a navigation system is a vehicle-mounted display/audio system that can be purchased in the open market, and an emulator is an infotainment system provided in open source or image form for distribution. Table 1 summarizes the specifications of 11 vehicle infotainment systems used in the case study. A survey of the systems was conducted from five perspectives as follows. Table 1. Details of In-Vehicle Infotainment System Used in the Experiment Category Infotainment System Platform Wireless Connectivity Wireless Connection with External Devices Packet Acquisition Vehicle Data Acquisition Head Unit KIA Sorento (2023) ccOS Bluetooth Supported (Wi-Fi) O X Head Unit KIA EV6 (2021) ccOS Bluetooth Supported (Wi-Fi) O X Head Unit KIA K5 (2016) ccOS Bluetooth Supported (Wi-Fi) O X Head Unit BMW NBT HU EVO BMW OS Bluetooth, Wi-Fi - CarPlay Only X Head Unit BMW X5 45e xLine BMW OS Bluetooth, Wi-Fi - O X Navigation 2022 Threecar Universal Navigation Android-based Bluetooth, Wi-Fi - O O Navigation Bouwoima 7 Inch Double Din Car Stereo Linux-based Bluetooth, Wi-Fi - O X Navigation Pioneer AVH-Z5050BT Vendor Specific Bluetooth, Wi-Fi - O X Emuator Raspberry Pi 4 OpenAuto Bluetooth, Wi-Fi Supported O O Emuator Raspberry Pi 4 Automotive Grade Linux Bluetooth Unsupported Bluetooth Only O Emuator Raspberry Pi 4 Android Automotive OS Bluetooth Unsupported Bluetooth Only O 4.1 Platform This is an investigation of the entire system, including the OS installed in the in-vehicle infotainment system. Vendor-specific head units, such as Hyundai Motor Group’s connected car operating system (ccOS) and BMW’s BMW OS were used. For navigation, open-source platforms, such as Linux, were mainly used. Equally, open-source vehicle OS emulator platforms, such as OpenAuto, AGL, and AAOS were installed and used on each Raspberry Pi 4 device. 4.2 Wireless Connectivity Wireless connectivity was investigated to identify the wireless communication support specifications for each in-vehicle infotainment environment. We investigated whether each infotainment system supports Bluetooth and Wi-Fi, which are wireless communication methods used to connect smartphones. Most of the infotainment systems supported both Bluetooth and Wi-Fi, although only Bluetooth was supported in the case of KIA Sorento/EV6/K5, AGL, and AAOS. 4.3 Wireless Connectivity via External Devices A wireless connection via an external device was investigated for any infotainment system that did not support either Bluetooth or Wi-Fi connectivity. As some infotainment systems did not support Wi-Fi connectivity, we investigated whether Wi-Fi connection is possible using an external device such as a USB-based Wi-Fi adapter. We confirmed that a Wi-Fi connectivity was possible using an external device in the KIA Sorento/EV6/K5. We were thus able to confirm that wireless use of Android Auto and Apple CarPlay infotainment services was possible. Connectivity via Wi-Fi through an external device was possible for AGL and AAOS; however, it was impossible to wirelessly use infotainment services, such as Android Auto and Apple CarPlay. Wireless connectivity of Android Auto service was possible for OpenAuto, whereas an external device was required for Apple CarPlay. 4.4 Packet Acquisition Packet acquisition summarizes the results of investigations on whether or not wireless communication packets can be collected in an in-vehicle infotainment environment. We confirmed that Bluetooth communication packets could be collected in all infotainment systems. In the case of Wi-Fi, packets collection was confirmed on all devices that supported two of the three emulators. The BMW NBT HU EVO system supported both Bluetooth and Wi-Fi connectivity, but did not support the Android Auto service; hence, packet collection was only confirmed for Apple CarPlay service. 4.5 Vehicle Data Acquisition Vehicle data acquisition summarizes the results of investigations on whether the internal storage of an infotainment system can be acquired. For each of the 11 types of infotainment systems, we investigated the interface connectivity to obtain internal storage data and whether a data extraction function was supported. In addition, we investigated whether there is an external storage device or an accessible flash memory on the system’s printed circuit board. Consequently, we confirmed that internal data could be acquired only from one navigation and three emulators. In most cases, the infotainment systems had no interface connectivity and storage device to which physical data acquisition techniques, such as chip-off, could be applied. The 2022 model Threecar Universal Navigation was the only infotainment system with NAND flash memory capable of chip-off data extraction. However, because data could only be obtained through chip-off, only data obtained after navigation was used. This implies that the image comparison step of file system analysis could not be applied. For the emulators, acquisition of internal storage data was easy because their operations incorporate the use of MicroSDs, which are non-volatile and portable. 5 Case Study and Results This section presents the design of a case study conducted on infotainment systems and the forensic artifacts obtained as a result of the case study. Subsection 5.1 describes the forensic analysis methods applied to 11 infotainment systems. Subsection 5.2 describes the use of smartphones and digital forensic tools used to perform forensic analysis. Subsection 5.3 describes the actual process of conducting the case study. The case study results are presented in the last three subsections. Similar categories of infotainment systems have similar wireless connectivity and vehicle data acquisition supports. Therefore, we organized the analysis results and derived identification information by category. Subsection 5.4 describes the head unit, Subsection 5.5 the navigation, and Subsection 5.6 the emulator systems analyses results. Table 2. Forensic Analysis Methods Applied to Infotainment Systems Category Infotainment System Packet Fingerprinting File System Analysis Head Unit KIA Sorento (2023) Supported Not Supported Head Unit KIA EV6 (2021) Supported Not Supported Head Unit KIA K5 (2016) Supported Not Supported Head Unit BMW NBT HU EVO Supported Not Supported Head Unit BMW X5 45e xLine Supported Not Supported Navigation 2022 Threecar Universal Navigation Supported Not Supported Navigation Bouwoima 7 Inch Double Din Car Stereo Supported Not Supported Navigation Pioneer AVH-Z5050BT Supported Not Supported Emulator Raspberry Pi 4 (OpenAuto) Supported Supported Emulator Raspberry Pi 4 (Automotive Grade Linux) Supported Supported Emulator Raspberry Pi 4 (Android Automotive OS) Supported Supported Table 3. Details of Smartphones Connected to In-Vehicle Infotainment System Manufacturer Device OS/Version Connected Infotainment System Samsung Galaxy S9+ Android/10 Android Auto Apple iPhone 7 iOS/14.7.1 Apple CarPlay Table 4. Digital Forensic Tools Used in the Case Study Analysis Method Developer Name Version Packet Fingerprinting The Wireshark Team Wireshark 3.4.0 Packet Fingerprinting Apple PacketLogger 7.0.0 Packet Fingerprinting The Tcpdump team tcpdump 4.99.3 File system Analysis AccessData FTK Imager 4.7.1.2 File system Analysis OpenText Encase 22.1 File system Analysis gruemaster and tuxinator2009 Win32 Disk Imager 1.0 File system Analysis Sublime HQ Pty Ltd Sublime Text 4 Build4143 File system Analysis Sqlitebrowser DB Browser for SQ Lite 3.10.1 5.1 Forensic Analysis Method Based on their obtained specifications, forensic methods were selected for the analysis of each in-vehicle infotainment system. Table 2 summarizes the forensic analysis methods applied to each vehicle infotainment system. It was possible in all the 11 infotainment systems to collect packets over at least one Bluetooth or Wi-Fi communication channel. Therefore, packet fingerprinting was applied to all devices. Where both Bluetooth and Wi-Fi connectivity are available, application fingerprinting of packets using Android Auto and Apple CarPlay infotainment services were additionally performed. File system analysis was applied where vehicle data acquisition was possible. It was possible to acquire vehicle data from four infotainment systems; however, image comparison was not possible for one navigation system. Hence, it could only be performed with three emulators among which OpenAuto was the only infotainment system that supported wireless Android Auto and Apple CarPlay infotainment services, and vehicle data acquisition. 5.2 Other Devices and Digital Forensic Tools Table 3 shows detailed information on Android and iOS smartphones which were connected to an in-vehicle infotainment system. The Android smartphone used was Samsung's Galaxy S9+, running Android 10 OS version and Android Auto version 8.5.6252 infotainment service while Apple's iPhone 7 was used, running iOS 14.7.1 OS version and iOS 14.7.1 version of Apple CarPlay infotainment service. Table 4 lists the digital forensic tools used in the case study. Three tools were used for packet fingerprinting analysis: Wireshark and tcpdump were used to collect packets over Wi-Fi communication, PacketLogger was used to collect Bluetooth packets from iOS smartphones, and host-controller interface (HCI) snoop log (a native feature of the Android OS) was used for Bluetooth packet collection from Android smartphones. The collected packets were analyzed using Wireshark. Forensic toolkit (FTK) Imager and Encase were used for digital forensic analysis of acquired images, file extraction, and deleted file recovery, while Win32 Disk Imager was used to image the MicroSDs attached to the Raspberry Pi 4 devices that were used. Sublime Text 4 and the DB Browser for SQ Lite were used to derive artifacts by analyzing the acquired data. 5.3 Case Study Design A case study was conducted based on the flowchart shown in Fig. 1 . Eleven infotainment systems were used in the case study, and Android and iOS smartphones were connected wirelessly to each infotainment system. Subsequently, packet fingerprinting was applied to wireless communication in an infotainment environment, and file system analysis was applied to the internal storage of the infotainment system. Packet fingerprinting was performed on all 11 infotainment systems, nine of which supported both Bluetooth and Wi-Fi connectivity, while two infotainment systems supported only Bluetooth connectivity. Accordingly, packet acquisition over Bluetooth and Wi-Fi connectivity and packet acquisition over Bluetooth connectivity was conducted for the two sets of systems. A total of 20 packet acquisitions were conducted because packets were respectively collected for the Android and iOS smartphone connections of each infotainment system. A packet collection method suitable for the operating system of each connected smartphone was applied. For the Android smartphones, we used the HCI snoop log function for Bluetooth packet collection and tcpdump for Wi-Fi packet collection. For the iOS smartphones, we used the PacketLogger tool for Bluetooth packet collection and Wireshark for Wi-Fi packet collection. Subsequently, device and application fingerprinting were applied to the collected packets. Wireshark was used to analyze the collected packets. Application fingerprinting was additionally applied for systems capable of wireless connectivity for Android Auto and Apple CarPlay services. For file system analysis, image comparisons were conducted for each of the three emulator systems used in the case study. Vehicle data acquisition was performed from MicroSD devices using the Win32 Disk Imager tool; vehicle data acquisition was performed before and after a smartphone was connected to each infotainment system and used. The two acquired images (before and after smartphone connection and use) were compared and analyzed. This enabled information identification, including newly created, modified, and deleted files. Subsequently, based on the identified information, artifacts related to wireless communication were derived and used to validate the packet fingerprinting results. We used various digital forensic tools, such as FTK Imager and Encase, for file system analysis Table 5. Packet Fingerprinting Results in a Wireless Connection Environment (Head Unit) Category Type Source Field Value Android Device Fingerprinting Bluetooth BD_ADDR (Bluetooth Device Address) Head Unit: 28:0f:eb:42:a6:74 Smartphone: 50:77:05:d9:a7:eb Device Name Head Unit: EV6 Smartphone: Galaxy S9+ Phone Info Number: +82104433***7 Model: SM-G965N Vendor: SAMSUNG ISP: KT Wi-Fi Network Info (Generated from Head Unit) SSID: AAWireless-XiOu2qMU MAC: 3a:24:f1:c4:d7:fa IP Address: 10.42.1.1 PW: 6C55829BFD4D447822FBC0B08A7EFD9900EBACCB Wi-Fi Ethernet Frame.MAC Address Head Unit: 3a:24:f1:c4:d7:fa Smartphone: e2:0b:a7:66:dd:d3 Application Fingerprinting Bluetooth SDP Protocol.Service Name Wireless Android Auto Protocol MMS Text Datetime: 20230309T144352 Sender: +8210639****1 Text: test message Wi-Fi TCP Port 36812, 36830, 36910, 54321 TCP Data Google Automotive Link iOS Device Fingerprinting Bluetooth BD_ADDR Head Unit: 68:4e:05:6d:b3:48 Smartphone: 78:4f:43:01:ba:8f Device Name Head Unit: KIA-EFAB Phone Info Model: iPhone7 Vendor: Apple Wi-Fi Network Info SSID: KIA4C PW: 12345678 Wi-Fi Host iPhone7.local Application Fingerprinting Wi-Fi TCP Port 5000, 40494, 50298, 58925, 61678 User-Agent AirPlay/320.17.7 5.4 Head Unit The case study involved five head units. Identification information pertaining to these units, which were derived from fingerprinting analyses of collected wireless communication packets, is organized into head unit categories in Table 5. A total of 22 pieces of identification information were derived from the wireless communication networks of in-vehicle infotainment systems connected to the Android smartphone; these included 13 pieces of identification information for device fingerprinting and 9 pieces of identification information for application fingerprinting. Through device fingerprinting, identification information for each head unit and connected smartphone were derived. As a result of application fingerprinting, identification information was used to identify the Android Auto and Google Automotive Link services. If the vehicle driver receives or sends a text message, their phone number and message content could be obtained through packet analysis. By analyzing the security threat factors in the environment, we confirmed that the 2016 KIA K5 infotainment system did not create a password for its Wi-Fi network. This allows attackers to easily break into the vehicle network without needing to eavesdrop on Bluetooth communications. However, for the 2021 KIA Sorento and 2023 KIA EV6 systems, passwords were set and password transmission for authentication was encrypted. Fifteen pieces of identification information were derived from wireless communications of in-vehicle infotainment systems connected to the iOS smartphone; these included nine pieces of identification information for device fingerprinting and six pieces of identification information for application fingerprinting. Through device fingerprinting, various types of identification information regarding the head units were derived. For the iOS smartphone, information about the manufacturer, model, and identification information related to AirPlay service were obtained. As a result of application fingerprinting, when using Apple CarPlay, identification information, such as communication based on AirPlay and the TCP port used by Apple CarPlay, were derived. On iOS, unlike Android, text messages were not sent over a Bluetooth channel. Table 6. Packet Fingerprinting Results in a Wireless Connection Environment (Navigation) Category Type Source Field Value Android Device Fingerprinting Bluetooth BD_ADDR Navigation: fc:4b:bc:33:be:b1 Smartphone: 50:77:05:d9:a7:eb Device Name Navigation: CarBt_33beb1 Smartphone: Galaxy S9+ Phone Info Number: +82104433***7 Model: SM-G965N Vendor: SAMSUNG ISP: KT Wi-Fi Network Info SSID: CarWiFi_33beb1 MAC: 94:A4:08:00:AF:53 IP Addr:192.168.0.1 PW: 88888888 Wi-Fi Ethernet Frame.MAC Address Navigation: 94:a4:08:00:af:53 Smartphone: 42:ca:d9:20:2f:d9 Application Fingerprinting Wi-Fi TCP Port 8765, 52730 TCP Data Google Automotive Link iOS Device Fingerprinting Bluetooth BD_ADDR Navigation: fc:4b:bc:33:be:b1 Smartphone: 78:4f:43:01:ba:8f Device Name Navigation: CarBt_33beb1 RFCOMM Data Version 14.7.1 (Build 18G82) Phone Info Number: +82104433***7 Model: iPhone 7 (iPhone9,3) Vendor: Apple ISP: KT Wi-Fi Network Info SSID: CarWiFi_33beb1 PW: 88888888 Wi-Fi Host iPhone7.local AirPlay-Receiver-Device-ID 277402210254514 Application Fingerprinting Bluetooth RFCOMM Data Wireless CarPlay1 Wi-Fi TCP Port 44236, 52380 User-Agent AirPlay/320.17.7 By analyzing the security threat factors existing in the environment, we confirmed that the Wi-Fi network password created in an older infotainment system was exposed in plain text. In the more recent infotainment systems, passwords were transmitted encrypted. This means for older infotainment systems, attackers could easily intrude into vehicle networks by eavesdropping on Bluetooth communications. 5.5 Navigation The case study involved three types of navigation systems. The identification information derived from the collected wireless communication packet fingerprinting analysis results is presented in the navigation categories in Table 6. Seventeen pieces of identification information were derived from the wireless communication networks of in-vehicle infotainment systems connected to the Android smartphone; these consisted of 14 pieces of identification information for device fingerprinting and 3 pieces of identification information for application fingerprinting. Sixteen pieces of identification information were derived from the wireless communication networks of vehicle infotainment systems connected to the iOS smartphone. Among these were 12 pieces of identification information for device fingerprinting and four pieces of identification information for application fingerprinting. In the case of a navigation environment, unlike the other infotainment environments, identification information on the smartphone could be acquired. Table 7. Packet Fingerprinting Results in a Wireless Connection Environment (Emulator) Category Type Source Field Value Android Device Fingerprinting Bluetooth BD_ADDR Emulator: 00:1a:7d:da:71:0a Smartphone: 50:77:05:d9:a7:eb Device Name Head Unit: OpenAuto-Pro Smartphone: Galaxy S9+ Phone Info Number: +82104433***7 Model: SM-G965N Vendor: SAMSUNG ISP: KT Wi-Fi Network Info SSID: OpenAutoPro MAC: e4:5f:01:1b:a9:86 IP Addr: 192.168.4.1 PW: 1234567890 Wi-Fi Ethernet Frame.MAC Address Emulator: e4:5f:01:1b:a9:86 Smartphone: f6:5a:d2:f3:ab:5f Application Fingerprinting Bluetooth SDP Protocol.Service Name Wireless Android Auto Protocol Wi-Fi TCP Port 5000, 56008 TCP Data Google Automotive Link iOS Device Fingerprinting Bluetooth BD_ADDR External Device: 38:ba:b0:32:91:ad Smartphone: 78:4f:43:01:ba:8f Device Name External Device: AutoKit-edd9 Phone Info Model: iPhone7 Vendor: Apple Wi-Fi Network Info SSID: AutoBox-cd81 PW: 12345678 Wi-Fi Host iPhone7.local AirPlay-Receiver-Device-ID 963351056813 Application Fingerprinting Wi-Fi TCP Port 500, 36799, 45158, 48006, 51338-51341 User-Agent AirPlay/320.81 Table 8. Image Comparison Analysis Result for OpenAuto Connected Device Variable Capacity (Before Use) Capacity (After Use) Galaxy S9+ Total 6.2 GB 14.6 GB Allocated 4.82 GB 3.85 GB Unallocated 1.348 GB 10.75 GB iPhone 7 Total 6.2 GB 14.6 GB Allocated 4.82 GB 3.88 GB Unallocated 1.38 GB 10.72 GB Table 9. Artifacts Derived From File System Analysis Path Name Value /home/pi/.openauto/cache/ openauto.log - Android Smartphone [AndroidAutoWirelessProfile] new connection, address: 50:77:05:D9:A7:E8 [AndroidAutoWirelessProfile] Wi-Fi IP Address: 192.168.4.1 Name: GalaxyS9+ - iOS Smartphone [AutoboxEntity] paired phone, address: 78:4F:43:01:B1:8F [AutoboxEntity] recent phone, address: 78:4F:43:01:B1:8F, name: iPhone7 /home/pi/.openauto/cache/ openauto_cache.ini LastConnectedAddress=50:77:05:D9:A7:EB /home/pi/.openauto/cache/hfp/ pb553217337.vcf - Smartphone Information TEL;CELL: 010443***** - Contact Details N;CHARSET=UTF-8:;O***bin;;; FN:CHARSET=UTF-8:O***bin TEL;CELL: 010740***** /home/pi/.openauto/cache/hfp/ cch553217337.vcf TEL;VOICE:010740****** X-IRMC-CALL-DATETIME;RECEIVED:20221020T222235 The identification information derived from the navigation environment was almost identical to that from the head unit infotainment environment; however, we confirmed that the identified MAC address was different from that of the smartphone used in Wi-Fi communication. Moreover, it was impossible to identify the service (SDP Protocol.Service Name: Android Auto) used in the Bluetooth communication. Vulnerability analysis of the navigation environment confirmed that it had similar vulnerabilities as the head unit environment. 5.6 Emulator The case study involved three emulators. The identification information derived from the collected wireless communication packet fingerprinting analysis results is organized into emulator categories in Table 7. Eighteen pieces of identification information are derived from the wireless communication networks of the vehicle infotainment systems connected to an Android smartphone. Among these were 14 pieces of identification information for device fingerprinting and 4 pieces of identification information for application fingerprinting. Eighteen pieces of identification information were derived from the wireless communication networks of the vehicle infotainment systems connected to the iOS smartphone. Among these were nine pieces of identification information for device fingerprinting and nine pieces of identification information for application fingerprinting. Identification information derived from the emulator environment was mostly similar to those of the previously analyzed head unit and navigation environments. Vulnerability analysis of the emulator environment confirmed that it has similar vulnerabilities as the head unit and navigation environments. In addition, file system analysis was performed on the internal storage of each emulator system. Images were collected before and after smartphone connection and use, and the results of the image comparisons are listed in Table 8. In the case of the initial image of OpenAuto, the total size is 6.2 GB, the allocated area is 4.82 GB, and the unallocated area is 1.38 GB, and it was confirmed that Ext4 is used as the file system. Analysis of the images after connecting and using the Android and iOS smartphones confirmed that the size of the allocated area decreased by approximately 1 GB, and the size of the unallocated area increased by approximately 9 GB in both images. This means that approximately 9 GB of data were deleted. In addition, it was found that about 1 GB of data was created/modified/deleted as the smartphone was connected and used. Based on the results of the image comparison, it was confirmed that the recovery of deleted data (unallocated areas) and the analysis of modified or newly created data are necessary. Therefore, in the artifact derivation step, a file extraction and recovery technique based on Ext4 file system metadata was applied. The extracted and restored files were analyzed, and information related to wireless communication and connected devices was derived. The derived artifacts are listed in Table 9. An OpenAuto log file is shown in Fig. 2. It is a log file that stores the B luetooth address and name of the connected smartphone, as shown in 2. It also stores the IP address of the Wi-Fi network created using the OpenAuto system. In addition, the differences between Android Auto (self-supported) and Apple CarPlay (with an external device) were confirmed. In the case of Android Auto, the [AndroidAutoWirelessProfile] string can be checked. However, in the case of Apple CarPlay using an external device, the [AutoboxEntity] string can be checked. For the Openauto_cache.ini file, the Bluetooth addresses of the connected smartphone and the last connected smartphone were stored. The pb553217337.vcf and cch553217337.vcf files are contact and call list files synchronized from a smartphone through Bluetooth communication. Thus, the phone number and call list of a connected smartphone can be obtained. We confirmed that the information acquired from the internal storage of the vehicle matched that obtained from wireless communication packet printing. 6 Discussion Wireless communication packets of in-vehicle infotainment systems contain various types of identification information about the infotainment system and connected devices. These are potential sources of data that, if exposed, can be used for criminal purposes. For example, an attacker may use data obtained by eavesdropping on wireless communication in an in-vehicle infotainment system for cybercriminal activities or intrude into the vehicle network through vulnerabilities in the wireless communication environment. Our findings exemplify this point. Some infotainment systems do not set passwords for the Wi-Fi networks used for communication. While most infotainment systems set a password for their Wi-Fi networks, some transmit the passwords in plain text, rather being encrypted. Attackers can easily break into in-vehicle networks by eavesdropping on wireless communications. Our research results derived various types of identification information from the wireless communication packets of in-vehicle infotainment systems and identified some vulnerabilities. Hence, the in-vehicle wireless communication environment is currently not sufficiently secure. When we analyzed the Wi-Fi packets in an environment where an iOS smartphone was connected, the MAC addresses of the two connected devices could not be determined, unlike in an environment where an Android smartphone was connected. We reasoned that there may have been errors in the packet collection process and repeated the collection process again, but the experience persisted. This may be a problem with the parsing function of Wireshark, used as an analysis tool, or there may be a difference in the communication specifications between Apple CarPlay and Android Auto infotainment services. Additionally, in analyzing the Wi-Fi packets, it was not possible to analyze actual usage data (or payload) because of the non-specification of standard APIs for communication with Android Auto and Apple CarPlay services. Typically, actual usage data are the sources of information that aid the activities of cyber attackers. Further analysis on this requires research on the communication protocol requirements for these services. Furthermore, file system analysis was performed on three emulator systems. Through this, it was possible to validate information previously obtained through packet fingerprinting. However, file system analysis was not done for the head unit and navigation systems owing to difficulty of acquiring data from the internal storage devices of these systems. In lieu of other options, chip-off may be performed, although most in-vehicle infotainment systems prohibit this. Moreover, considering the destructive characteristics of chip-off data extraction, research on nondestructive data acquisition methods should continue to be considered. The results of this study are based on packet analysis and hence are real-time. Therefore, it may be difficult for forensic investigators to utilize our research in their processes of collecting criminal evidence when conducting post-mortem investigations of in-vehicle network security incidents. However, we analyzed security threats from a wireless communications security perspective, targeting 11 in-vehicle infotainment systems. Blocking of security threats that may occur in the future through pre-inspection and post-incidence investigation are sufficiently meaningful results from a digital forensics perspective. Moreover, our findings can enable forensics investigators conducting post-mortem investigations in deriving an attacker's vehicle network intrusion route and attack method. 7 Conclusion Wireless communication in the in-vehicle environment is becoming increasingly complex and contains a variety of information. Therefore, communication in the in-vehicle environment is potentially exposed to cybercrime. However, digital forensic research to improve the level of security has not been sufficiently conducted. In this study, we conducted a case study by configuring 11 infotainment environments to improve the security level of wireless communications in in-vehicle infotainment environments. Wireless communication packets were collected, and fingerprinting was performed to derive various identification information and evaluate the vulnerabilities. Furthermore, the validity of the packet fingerprinting results were verified by analyzing the data stored in the internal storage of some of the infotainment systems. The results of our study can be meaningfully used in future digital forensic investigations. Directions of future research include: (1) To conduct fingerprinting research on wireless communication in more complex environments, such as involving electric vehicles and connected cars. These investigations potentially will enable digital forensic investigators better cope with digital investigations of vehicles. (2) Research may be conducted on methods to acquire the internal storage data of in-vehicle infotainment environments in a nondestructive manner. (3) Another potential area of study is to analyze the communication specifications of infotainment services such as Android Auto and Apple CarPlay. This may require decompilation analyses of applications installed on Android and iOS smartphones. Declarations Author Contribution Y.S. contributed to conceptualization, methodology, analysis, and writing.G.Y. contributed to analysis and validation.T.S. performed a review of the paper and provided important revisions. Acknowledgement This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MIST) (No.2022-0-01022, Development of Collection and Inte-grated Analysis Methods of Automotive Inter/Intra System Artifacts through Construction of Event-based experimental system) References Amadeo R (2023) Android Automotive goes mainstream: A review of GM’s new infotainment system, Available online: https://arstechnica.com/gadgets/2023/01/Android-automotive-goes-mainstream-a-review-of-gms-new-infotainment-system/ Tsui C (2023) Polestar Android Automotive OS Infotainment Review: A Step in the Right Direction, Available online: https://www.thedrive.com/car-reviews/polestar-2-Android-automotive-os-infotainment-review-google-specs-system-tech-evs-electric-cars Julich T, BMW Group to build on Android Open Source Project (AOSP) for BMW Operating System 9 (2022), Available online: press. bmwgroup.com/global/article/detail/T0401875EN/bmw-group-expands-bmw-operating-system-8-with-a-variant-that-integrates-Android-automotive-os?language = en AGL (2022) Automotive Grade Linux Showcases Open Source Technology and Software Defined Vehicle at CES 2023, Available online: https://www.prnewswire.com/news-releases/automotive-grade-linux-showcases-open-source-technology-and-software-defined-vehicle-at-ces-2023-301707708.html AGL (2018) Automotive Grade Linux Hits the Road Globally with Toyota; Amazon Alexa Joins AGL to Support Voice Recognition, Available online: https://www.automotivelinux.org/announcements/automotive-grade-linux-hits-road-globally-toyota-amazon-alexa-joins-agl-support-voice-recognition/ Liu S et al (2019) Edge computing for autonomous driving: Opportunities and challenges. Proceedings of the IEEE 107.8 : 1697–1716 Liu L et al (2020) Computing systems for autonomous driving: State of the art and challenges. IEEE Internet Things J 8(8):6469–6486 Jo W, Kim S, Kim H, Shin Y, Shon T (2022) Automatic whitelist generation system for ethernet based in-vehicle network. 142:103735 Computers in Industry Kim S, Jo W, Lee J, Shon T (2022) AI-enabled device digital forensics for smart cities. J Supercomputing 78(2):3029–3044 Hasan M et al (2020) Securing vehicle-to-everything (V2X) communication platforms. IEEE Trans Intell Veh 5(4):693–713 Mahr A et al (2022) Auto-Parser: Android Auto and Apple CarPlay Forensics. Digital Forensics and Cyber Crime: 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6–9, 2021, Proceedings. Cham: Springer International Publishing Lakshmanan R (2022) Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers, Online Available: https://thehackernews.com/2022/12/researcher-uncovers-potential.html Hope A, Mercedes and Toyota (2023) Severe API Security Flaws Affect Millions of Vehicles from 16 Car Manufacturers, Including BMW, Online Available: https://www.cpomagazine.com/cyber-security/severe-api-security-flaws-affect-millions-of-vehicles-from-16-car-manufacturers-including-bmw-mercedes-and-toyota/ Kim S, Jo W, Shon T (2020) APAD: Autoencoder-based payload anomaly detection for industrial IoE. Appl Soft Comput 88:106017 Kim M, Shin Y, Jo W, Shon T (2023) Digital forensic analysis of intelligent and smart IoT devices. J Supercomputing Kwon S, Yoo H, Shon T (2020) ‘IEEE 1815.1-based power system security with bidirectional RNN-based network anomalous attack detection for cyber-physical system. ’ IEEE Access 8:77572–77586 Chowdhury R, Roy et al (2020) Network traffic analysis based iot device identification. Proceedings of the 2020 the 4th International Conference on Big Data and Internet of Things Hamad S, Abdalla et al (2019) Iot device identification via network-flow based Fingerprinting and learning. 2019 18th IEEE international conference on trust, security and privacy in computing and communications/13th IEEE international conference on big data science and engineering (TrustCom/BigDataSE). IEEE Klein RW, Temple MA, Mendenhall MJ (2009) Application of wavelet-based RF Fingerprinting to enhance wireless network security. J Commun Netw 11(6):544–555 Lin Y, Chang J (2019) Improving wireless network security based on radio Fingerprinting. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE Skowron M, Janicki A, Mazurczyk W (2020) Traffic Fingerprinting attacks on internet of things using machine learning. IEEE Access 8:20386–20400 Chen T (2022) Radio Frequency Fingerprint-Based DSRC Intelligent Vehicle Networking Identification Mechanism in High Mobility Environment. Sustainability 14(9):5037 Jo W, Shin Y, Kim H, Yoo D, Kim D, Kang C, Jin J, Oh J, Na B, Shon T (2019) Digital forensic practices and methodologies for AI speaker ecosystems. Digital Investigation, vol. 29, S80-S93 Ebbers S Grand theft app: Digital forensics of vehicle assistant apps. The 16th International Conference on Availability, Reliability and Security., Lee et al (2021) Junsu, Forensic Analysis of Apple CarPlay: A Case Study. International Symposium on Mobile Internet Security. Springer, Singapore, 2021 Edwards S (2019) and Heather Mahalik. They See Us Rollin, They Hatin-Forensics of iOS CarPlay and Android Auto. SANS DFIR Le-Khac, Nhien-An et al (2020) Smart vehicle forensics: Challenges and case study. Future Generation Comput Syst 109:500–510 Shin Y, Kim H, Kim S, Yoo D, Jo W, Shon T (2020) Certificate Injection-Based Encrypted Traffic Forensics in AI Speaker Ecosystem. Forensic Sci International: Digit Invest 33:301010 Shin Y, Kim S, Jo W, Shon T (2022) Digital Forensic Case Studies for In-Vehicle Infotainment systems Using Android Auto and Apple CarPlay. Sensors, vol. 22, no. 19, p. 7196, Sep Anajemba JH, Iwendi C, Razzak I, Ansere JA, Okpalaoguchi IM (2022) A Counter-Eavesdropping Technique for Optimized Privacy of Wireless Industrial IoT Communications, in IEEE Transactions on Industrial Informatics, vol. 18, no. 9, pp. 6445–6454, Sept. 10.1109/TII.2021.3140109 Liu G et al (2021) Softwarized IoT Network Immunity Against Eavesdropping With Programmable Data Planes, in IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6578–6590, 15 April15, 10.1109/JIOT.2020.3048842 Woo S, Jo HJ, Dong Hoon, Lee (2014) A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Trans Intell Transp Syst 16(2):993–1006 Antonioli D (2022) and Mathias Payer. On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats. 2022 IEEE Security and Privacy Workshops (SPW). IEEE Sladović D et al (2019) Investigating modern cars. 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). IEEE Google (2023) January. Android Auto. Available online: https://www.Android.com/auto/ (accessed on 1 Apple (2023) January. Apple CarPlay. Available online: https://www.apple.com/ios/carplay/ (accessed on 1 Kim H, Shin Y, Kim S, Jo W, Kim M, Shon T (May 2022) Digital Forensic Analysis to Improve User Privacy on Android. Sensors 22(11):3971 Kim H, Kim S, Shin Y, Jo W, Lee S, Shon T (2021) Ext4 and XFS File System Forensic Framework Based on TSK, Electronics, vol. 10, no. 18, p. 2310, Sep Lee J (2022) Forensic Analysis of IoT File Systems for Linux-Compatible Platforms. Electronics 11(19):3219 Lee S, Jo W, Eo S, Shon T (2020) ExtSFR: scalable file recovery framework based on an Ext file system. Multimedia Tools Appl 79(23):16093–16111 Strandberg K, Nowdehi N, Olovsson T (2022) A systematic literature review on automotive digital forensics: Challenges, technical solutions and data collection. IEEE Trans Intell Veh 8(2):1350–1367 Additional Declarations No competing interests reported. Cite Share Download PDF Status: Under Review Version 1 posted Editorial decision: Revision requested 13 Sep, 2024 Reviews received at journal 08 Sep, 2024 Reviews received at journal 07 Sep, 2024 Reviews received at journal 28 Aug, 2024 Reviews received at journal 27 Aug, 2024 Reviewers agreed at journal 19 Aug, 2024 Reviewers agreed at journal 19 Aug, 2024 Reviewers agreed at journal 19 Aug, 2024 Reviewers agreed at journal 17 Aug, 2024 Reviewers agreed at journal 17 Aug, 2024 Reviewers agreed at journal 17 Aug, 2024 Reviewers invited by journal 17 Aug, 2024 Editor assigned by journal 04 Jul, 2024 Submission checks completed at journal 04 Jul, 2024 First submitted to journal 30 Jun, 2024 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-4664910","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":326327877,"identity":"1d8a73f9-f4fb-4a6c-9361-2e1b82437e87","order_by":0,"name":"Yeonghun Shin","email":"","orcid":"","institution":"Ajou University","correspondingAuthor":false,"prefix":"","firstName":"Yeonghun","middleName":"","lastName":"Shin","suffix":""},{"id":326327882,"identity":"df1b96c7-6139-4454-a39d-375eb840fafc","order_by":1,"name":"Geon Yu","email":"","orcid":"","institution":"Ajou University","correspondingAuthor":false,"prefix":"","firstName":"Geon","middleName":"","lastName":"Yu","suffix":""},{"id":326327885,"identity":"7e727428-1daa-48e9-a204-205c787b5954","order_by":2,"name":"Taeshik Shon","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAyElEQVRIiWNgGAWjYHACNiC2YWBsgPAMCKrngWhJI13LYbgAYS32/MefPfi447w8c3uPAcOPGgZj8wZCtkjkmBvOPHPbsLHnjAFjzzEGM5kDBLXwsEnztt1mbJyRY8DA28BgI0HIYTxAhwG1nLMHaWH8S5QWhgQzoJYDiSAtzEBbzAhruZFjJjmzLTm5sedYwWGZYxLGBLWw9x9/JvGxzc52Y3vzxodvamwMZxDSAgeGDQwMBxgYCNqBBORJUDsKRsEoGAUjDAAAO7U38a+Kn/0AAAAASUVORK5CYII=","orcid":"","institution":"Ajou University","correspondingAuthor":true,"prefix":"","firstName":"Taeshik","middleName":"","lastName":"Shon","suffix":""}],"badges":[],"createdAt":"2024-07-01 02:59:05","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-4664910/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-4664910/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":61350150,"identity":"3adfc503-a92a-49ab-a637-8fdef0f06ac1","added_by":"auto","created_at":"2024-07-29 18:35:49","extension":"png","order_by":1,"title":"Figure 1","display":"","copyAsset":false,"role":"figure","size":191141,"visible":true,"origin":"","legend":"\u003cp\u003e\u003cstrong\u003eCase Study Flow Chart\u003c/strong\u003e\u003c/p\u003e","description":"","filename":"floatimage4.png","url":"https://assets-eu.researchsquare.com/files/rs-4664910/v1/8fff225f3e0184eaea71b9e8.png"},{"id":61349074,"identity":"1d852da8-99ce-475e-8f6d-6edd999f003d","added_by":"auto","created_at":"2024-07-29 18:27:49","extension":"png","order_by":2,"title":"Figure 2","display":"","copyAsset":false,"role":"figure","size":1584121,"visible":true,"origin":"","legend":"\u003cp\u003e\u003cstrong\u003eOpenauto.log file, (Above) Android Smartphone Environment, (Below) iOS Smartphone Environment\u003c/strong\u003e\u003c/p\u003e","description":"","filename":"floatimage8.png","url":"https://assets-eu.researchsquare.com/files/rs-4664910/v1/a09e11c7b3338b71897dbdba.png"},{"id":61350216,"identity":"4b3e8e8f-a73c-4f57-a9ec-349c67e8160f","added_by":"auto","created_at":"2024-07-29 18:35:55","extension":"pdf","order_by":0,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":2284340,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4664910/v1/f1e36857-b699-4e77-a552-8400699835ab.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Digital Forensic Analysis for Vehicle Infotainment Systems based on Packet Fingerprinting","fulltext":[{"header":"1 Introduction","content":"\u003cp\u003eCurrently, most vehicles have in-vehicle infotainment systems installed, in which various operating systems (OSs) and open-source vehicle platforms are used. In 2017, Google announced Android Automotive OS (AAOS), an OS for vehicles. It had a small market share in the field of automotive OSs, as it was used in only a small number of vehicles. However, recently, several vehicle manufacturers, including BMW, GM, and Chevy, are integrating AAOS into vehicles (Amadeo \u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e2023\u003c/span\u003e, Tsui \u003cspan citationid=\"CR2\" class=\"CitationRef\"\u003e2023\u003c/span\u003e, Julich \u003cspan citationid=\"CR3\" class=\"CitationRef\"\u003e2022\u003c/span\u003e). Automotive Grade Linux (AGL), developed by the Linux Foundation and announced in 2016, is an open-source platform for vehicles that can be used in various fields, such as in-vehicle infotainment and telematics; AGL has more than 150 members, including 10 vehicle manufacturers, and has been integrated into Toyota and Lexus vehicles since 2018 (AGL \u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e2018\u003c/span\u003e, AGL \u003cspan citationid=\"CR4\" class=\"CitationRef\"\u003e2022\u003c/span\u003e). These in-vehicle OSs and open-source platforms are expected to be installed in most vehicles soon.\u003c/p\u003e \u003cp\u003eHence, the latest vehicles include at least one computing system, and with the recent rapid development of vehicle technology, such as autonomous driving, the number of computing systems in vehicles is increasing rapidly (Liu 2019, Liu 2020). Additionally, various IoT technologies are being introduced in vehicles (Jo et al. \u003cspan citationid=\"CR8\" class=\"CitationRef\"\u003e2022\u003c/span\u003e), and images from front, rear, left, and right cameras can now be combined to provide a 360-degree view of a vehicle\u0026rsquo;s surroundings. There are also driver assistance systems that utilize Augmented Reality technology. Furthermore, more sensors are being installed in vehicles than ever before (Jo et al. \u003cspan citationid=\"CR8\" class=\"CitationRef\"\u003e2022\u003c/span\u003e). The various IoT devices and sensors installed in a vehicle collect various types of information from the surroundings and transmit them to the vehicle through wireless communication (Strandberg et al. \u003cspan citationid=\"CR40\" class=\"CitationRef\"\u003e2022\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eCurrent in-vehicle communication environments are different from previously when communication was only internal and there were no external connections. Presently, there is active communication with the outside world, with vehicles containing powerful computing systems and a wide range of sensors that continuously transmit data wirelessly to both the manufacturers and vehicles. The infotainment system installed in a vehicle and the driver\u0026rsquo;s smartphone can communicate wirelessly. With its wireless connection to devices, such as sensors, smartphones, and IoT, a vehicle is exposed to external threats (Hasan 2020). Consequently, vehicles are exposed to a greater cybersecurity attack surface than ever before and the seriousness of this has steadily increased (Mahr 2022). In reality, there have been cases of eavesdropping on IoT devices that operate based on a wireless connection and an attacker has conducted a remotely-controlled attack on an IoT device (Lakshmanan \u003cspan citationid=\"CR12\" class=\"CitationRef\"\u003e2022\u003c/span\u003e). Such an attack case is a security threat that can occur even in current vehicles using wireless communication. For example, there was a report of vulnerabilities affecting vehicles from 16 manufacturers, which enabled attackers to remotely take control of the affected vehicles (Hope \u003cspan citationid=\"CR13\" class=\"CitationRef\"\u003e2023\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eCyberattacks on in-vehicle wireless communication, such as wireless packet manipulation and replay attack, are serious problems that can directly harm vehicles and drivers. This security consideration has been an issue in other wireless communication environments, such as IoT, smart factories, and mobile telecommunications (Kim et al. \u003cspan citationid=\"CR9\" class=\"CitationRef\"\u003e2022\u003c/span\u003e, Kim et al. \u003cspan citationid=\"CR14\" class=\"CitationRef\"\u003e2020\u003c/span\u003e, Kim et al. \u003cspan citationid=\"CR15\" class=\"CitationRef\"\u003e2023\u003c/span\u003e, Kwon et al. \u003cspan citationid=\"CR16\" class=\"CitationRef\"\u003e2020\u003c/span\u003e). Accordingly, various studies have been conducted on the application of fingerprinting techniques to improve the security level in various wireless communication environments. Fingerprinting is a technique that has been actively used thus far to evaluate and improve the security level of wireless communication in various sectors (Chowdhury et al. \u003cspan citationid=\"CR17\" class=\"CitationRef\"\u003e2020\u003c/span\u003e, Hamad et al. \u003cspan citationid=\"CR18\" class=\"CitationRef\"\u003e2019\u003c/span\u003e, Klein et al. \u003cspan citationid=\"CR19\" class=\"CitationRef\"\u003e2009\u003c/span\u003e, Lin \u0026amp; Chang \u003cspan citationid=\"CR20\" class=\"CitationRef\"\u003e2019\u003c/span\u003e, Skowron et al. \u003cspan citationid=\"CR21\" class=\"CitationRef\"\u003e2020\u003c/span\u003e). In addition, studies have been conducted on the exposure of sensitive information based on wireless communication packet analysis in an IoT environment and the possibility of attack (Chen \u003cspan citationid=\"CR22\" class=\"CitationRef\"\u003e2022\u003c/span\u003e, Jo et al. \u003cspan citationid=\"CR23\" class=\"CitationRef\"\u003e2019\u003c/span\u003e). However, digital forensic research on the security of wireless communications in vehicle environments have not been sufficiently conducted. Existing studies have been limited to acquiring data and deriving artifacts from mobile devices connected to vehicles (Mahr 2022, Ebbers et al. \u003cspan citationid=\"CR24\" class=\"CitationRef\"\u003e2021\u003c/span\u003e, Ebbers et al. \u003cspan citationid=\"CR24\" class=\"CitationRef\"\u003e2021\u003c/span\u003e, Le-Khac et al. \u003cspan citationid=\"CR26\" class=\"CitationRef\"\u003e2020\u003c/span\u003e, Shin et al. \u003cspan citationid=\"CR27\" class=\"CitationRef\"\u003e2020\u003c/span\u003e, Shin et al. \u003cspan citationid=\"CR28\" class=\"CitationRef\"\u003e2022\u003c/span\u003e). Against this context, there is an increasing need for digital forensic research on in-vehicle wireless communications.\u003c/p\u003e \u003cp\u003eAccordingly, we conducted a digital forensic case study to identify security threats and digital forensic evidence in in-vehicle wireless communications. Most wireless communication in vehicular environments is based on infotainment systems. To extract meaningful information in wireless communications, the analyses included file system analysis of infotainment systems and connected devices.\u003c/p\u003e \u003cp\u003eThe contributions of this study can be summarized as follows:\u003c/p\u003e \u003cp\u003e● Case studies were conducted to identify security threats and digital forensic evidence in wireless communication in various in-vehicle infotainment systems. This can improve the security level of in-vehicle wireless communications.\u003c/p\u003e \u003cp\u003e● We conducted a case study involving 11 infotainment systems to fully reflect the diversity of in-vehicle infotainment environments. There were five vehicle head units, three navigation systems, and three emulator-based infotainment systems. Accordingly, our case study results can contribute to in-vehicle infotainment system forensics in various environments.\u003c/p\u003e \u003cp\u003e● Through the case studies, digital forensic evidence and identification information derived from each infotainment system are organized and presented. This can assist digital forensic investigators conducting investigations in in-vehicle wireless communications.\u003c/p\u003e \u003cp\u003eThe remainder of this paper is organized as follows. Section 2 presents research related to in-vehicle infotainment systems. Section 3 describes a case study conducted on an in-vehicle infotainment system. Section 4 describes the experimental conditions. Section 5 presents the findings of the case study and the identified digital forensic evidence. Section 6 discusses the implications of the findings and limitations of the study. Section 7 summarizes the study and points to future directions of research.\u003c/p\u003e"},{"header":"2 Related Works","content":"\u003cp\u003eVarious studies have been conducted on fingerprinting to improve the security of wireless communication environments. Skowron et al. investigated privacy risks for IoT devices, focusing on information leakage caused by network fingerprinting attacks, and a method was proposed to mitigate data privacy risks (Skowron et al. \u003cspan citationid=\"CR21\" class=\"CitationRef\"\u003e2020\u003c/span\u003e). Chowdhury et al. created device fingerprints using network packets collected from IoT devices. Based on this, a method for identifying IoT devices was proposed (Chowdhury et al. \u003cspan citationid=\"CR17\" class=\"CitationRef\"\u003e2020\u003c/span\u003e). Klein et al. used an RF fingerprinting technique to improve wireless network security. They proposed a method for distinguishing devices in a wireless network environment based on RF fingerprinting (Klein et al. \u003cspan citationid=\"CR19\" class=\"CitationRef\"\u003e2009\u003c/span\u003e). Hamad et al. proposed a more advanced fingerprinting method to solve security problems in an IoT environment using various vendors, standards, and protocols (Hamad et al. \u003cspan citationid=\"CR18\" class=\"CitationRef\"\u003e2019\u003c/span\u003e). Lin et al. proposed a radio-frequency fingerprint extraction method based on a fractional Fourier transform for transient signals (Lin \u0026amp; Chang \u003cspan citationid=\"CR20\" class=\"CitationRef\"\u003e2019\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eThus, fingerprinting studies have been conducted to improve the security of wireless communication. However, research on fingerprinting the in-vehicle infotainment environment remains lacking. Chen et al. studied a radio-frequency fingerprint-based in-vehicle communication identification scheme. Nevertheless, research on the fingerprinting of Bluetooth and Wi-Fi, which are used to provide in-vehicle infotainment services, has not been conducted (Chen \u003cspan citationid=\"CR22\" class=\"CitationRef\"\u003e2022\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eA technical study was conducted on an IoT platform to evaluate the security of wireless communication and respond to wireless attacks. Jo et al. and Shin et al. performed network traffic analysis to evaluate the security level of a smart speaker wireless communication environment. Based on the analysis results, a replay attack was performed to steal personal information stored in the vendor's cloud server, thereby demonstrating vulnerabilities in wireless communication security (Jo et al. \u003cspan citationid=\"CR23\" class=\"CitationRef\"\u003e2019\u003c/span\u003e, Shin et al. \u003cspan citationid=\"CR27\" class=\"CitationRef\"\u003e2020\u003c/span\u003e). Anajemba et al. proposed a technique to prevent eavesdropping attacks and improve the security of the wireless communication environment of an Industrial IoT (IIoT) system (Anajemba et al. \u003cspan citationid=\"CR29\" class=\"CitationRef\"\u003e2022\u003c/span\u003e). Liu et al. proposed a network immune system based on a programming-protocol-independent packet processor to prevent eavesdropping attacks in IoT environments. Although various studies have been conducted to improve the security of wireless communication, they have not been sufficiently conducted for in-vehicle communication environments (Liu et al. \u003cspan citationid=\"CR30\" class=\"CitationRef\"\u003e2021\u003c/span\u003e). In Woo et al., as the in-vehicle internal network controller area network (CAN) changed to an external network (4G/5G Mobile Network) owing to the development of vehicle-based technologies such as connected cars, long-distance wireless attacks using CAN vulnerabilities became possible. The authors proposed a security protocol to address the problem. However, this was limited to the case where a self-diagnosis app is installed on a smartphone, and security checks for wireless communication (Bluetooth and Wi-Fi) occurring in the in-vehicle infotainment system have not been performed (Woo et al. \u003cspan citationid=\"CR31\" class=\"CitationRef\"\u003e2014\u003c/span\u003e). Antonioli et al. evaluated potential attack threats to Bluetooth communication in in-vehicle infotainment systems; however, no methods have been proposed to improve the security (Antonioli \u0026amp; Payer 2022).\u003c/p\u003e \u003cp\u003eFrom the foregoing, various digital forensic studies have been conducted on in-vehicle infotainment systems. However, studies related to the acquisition of infotainment systems\u0026rsquo; internal storage data or data stored in smartphones, and the analysis of the wireless communication environment have not been sufficiently performed (Mahr 2022, Ebbers et al. \u003cspan citationid=\"CR24\" class=\"CitationRef\"\u003e2021\u003c/span\u003e, Edwards \u0026amp; Mahalik 2019, Le-Khac et al. \u003cspan citationid=\"CR26\" class=\"CitationRef\"\u003e2020\u003c/span\u003e, Liu et al. \u003cspan citationid=\"CR30\" class=\"CitationRef\"\u003e2021\u003c/span\u003e). Shin et al. analyzed the wireless communication section of the infotainment system; however, most of the analysis was on Bluetooth communication and sufficient analysis on Wi-Fi communication was not performed (Shin et al. \u003cspan citationid=\"CR28\" class=\"CitationRef\"\u003e2022\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eTo summarize the discussion above, in a situation of increasing attack surface for wireless communication in in-vehicle infotainment environments, research on solving this problem has not been sufficiently conducted. It is necessary to conduct digital forensic research on security evaluation and improvement from varied perspectives, such as studies conducted on other platforms, including IoT. Therefore, in this study, packet fingerprinting research was conducted to evaluate and improve the security level of wireless communication in in-vehicle infotainment systems.\u003c/p\u003e"},{"header":"3 Forensic Methods for In-Vehicle Infotainment","content":"\u003cp\u003eThis section describes a packet fingerprinting method for evaluating the security level of wireless communication in an in-vehicle infotainment environment and identifying connected devices and services. In addition, a file system analysis method for validating the results of packet fingerprinting analysis is presented.\u003c/p\u003e \u003cdiv id=\"Sec4\" class=\"Section2\"\u003e \u003ch2\u003e3.1 Packet Fingerprinting\u003c/h2\u003e \u003cp\u003eWireless communication in a vehicular environment was analyzed for packet fingerprinting. This was a three-stage process: (1) packet acquisition, (2) device fingerprinting, and (3) application fingerprinting.\u003c/p\u003e \u003cp\u003ePacket acquisition is a step in investigative methods to collect wireless communications packets. First, the wireless communication protocols (Wi-Fi and Bluetooth) supported by the connected devices in the vehicular environment are identified. Second, a method for collecting wireless communication data is determined based on the protocols identification results. In general, because it is difficult to collect wireless communication packets from in-vehicle infotainment systems, such as those that do not support connections with a personal computer, these packets are collected from devices connected to the vehicle. Tools such as tcpdump, PacketLogger, and Wireshark were used to collect the packets. The wireless communication packet collection channel was either Bluetooth or Wi-Fi; however, if both were supported, Android Auto and Apple CarPlay services that use packets that communicate using both channels were also collected (Google \u003cspan citationid=\"CR34\" class=\"CitationRef\"\u003e2023\u003c/span\u003e, Apple \u003cspan citationid=\"CR35\" class=\"CitationRef\"\u003e2023\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eThe collected packets were then analyzed via a two-step process: device fingerprinting (to identify the device) and application fingerprinting to identify the service used by the vehicle infotainment system. The Wireshark network protocol analyzer was used for packet analysis. In addition, fingerprint generation and identification of security vulnerabilities that can be exploited for personal information leakage and cyberattacks were performed.\u003c/p\u003e \u003cp\u003eThe goal of the device fingerprinting step is to generate a fingerprint to identify each connected device in the wireless communication. It analyzes the collected packets to derive information that can identify the device, such as vendor, Bluetooth address, Bluetooth device name, Wi-Fi address, MAC address, and International Mobile Equipment Identity.\u003c/p\u003e \u003cp\u003eThe application fingerprinting step aims to generate a fingerprint from wireless communication packets to identify the service being used in the in-vehicle infotainment system. The collected packets were analyzed to derive information that could identify the services in use, such as AirPlay, Google Automotive Link, Android Auto, and Apple CarPlay.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec5\" class=\"Section2\"\u003e \u003ch2\u003e3.2 File System Analysis\u003c/h2\u003e \u003cp\u003eIn file system analysis, the internal storage of the in-vehicle infotainment system was analyzed and the analysis results were used to validate previously obtained packet fingerprinting results. The file system analysis was performed in three stages: (1) image acquisition, (2) image comparison, and (3) artifact derivation.\u003c/p\u003e \u003cp\u003eThe goal of the image-acquisition step is to conduct research on a suitable method to acquire data from in-vehicle storage. First, the connection interface supported by the in-vehicle infotainment system, external storage device, and developer function tools were investigated. A method was derived for collecting data from the in-vehicle infotainment system, and, based on this method, internal vehicle data were acquired.\u003c/p\u003e \u003cp\u003eThe image comparison step is to identify data changes after the case study vehicle and smartphone are connected and exchange data. To this end, internal storage data before and after using the in-vehicle infotainment system were imaged. Subsequently, the two images were compared to identify newly created or deleted data. Based on the results, the digital forensic analysis technique and direction for the next step were determined (Kim et al. \u003cspan citationid=\"CR9\" class=\"CitationRef\"\u003e2022\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eArtifact derivation aims to perform analysis based on various types of information derived from image comparison. Deleted files were recovered based on file system metadata, and information about the in-vehicle infotainment system and connected devices was obtained through various analyses as described in previous studies (Kim et al. \u003cspan citationid=\"CR37\" class=\"CitationRef\"\u003e2021\u003c/span\u003e, Lee \u0026amp; Shon 2022, Lee et al. \u003cspan citationid=\"CR39\" class=\"CitationRef\"\u003e2020\u003c/span\u003e). In addition, artifacts related to wireless communication in in-vehicle infotainment environments were acquired and used to validate previously obtained packet fingerprinting results.\u003c/p\u003e \u003c/div\u003e"},{"header":"4 Specifications of Infotainment Systems Used in Case Study","content":"\u003cp\u003eThis section describes the various devices used in the case study and configuration of the experimental environment. Three functional categories of in-vehicle infotainment systems were used: (1) head unit, (2) navigation, and (3) emulator-based systems. A head unit is a display/audio system installed as a basic option in an actual vehicle, a navigation system is a vehicle-mounted display/audio system that can be purchased in the open market, and an emulator is an infotainment system provided in open source or image form for distribution. Table\u0026nbsp;1 summarizes the specifications of 11 vehicle infotainment systems used in the case study. A survey of the systems was conducted from five perspectives as follows.\u003c/p\u003e \u003cp\u003eTable\u0026nbsp;1.\u0026nbsp;Details of In-Vehicle Infotainment System Used in the Experiment\u003c/p\u003e\n\u003cdiv\u003e\n \u003ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"567\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eCategory\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eInfotainment System\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003ePlatform\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eWireless Connectivity\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003eWireless Connection with External Devices\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003ePacket Acquisition\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eVehicle Data Acquisition\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eKIA Sorento (2023)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eccOS\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003eSupported (Wi-Fi)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eX\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eKIA EV6 (2021)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eccOS\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003eSupported (Wi-Fi)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eX\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eKIA K5 (2016)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eccOS\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003eSupported (Wi-Fi)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eX\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eBMW NBT HU EVO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eBMW OS\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth, Wi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003e-\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eCarPlay Only\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eX\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eBMW X5 45e xLine\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eBMW OS\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth, Wi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003e-\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eX\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eNavigation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003e2022 Threecar Universal Navigation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eAndroid-based\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth, Wi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003e-\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eNavigation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eBouwoima 7 Inch Double Din Car Stereo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eLinux-based\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth, Wi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003e-\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eX\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eNavigation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003ePioneer AVH-Z5050BT\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eVendor Specific\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth, Wi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003e-\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eX\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eEmuator\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eRaspberry Pi 4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eOpenAuto\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth, Wi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eEmuator\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eRaspberry Pi 4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eAutomotive Grade Linux\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003eUnsupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth Only\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"14.43661971830986%\"\u003e\n \u003cp\u003eEmuator\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.6056338028169%\" valign=\"top\"\u003e\n \u003cp\u003eRaspberry Pi 4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.204225352112676%\" valign=\"top\"\u003e\n \u003cp\u003eAndroid Automotive OS\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"9.859154929577464%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.669014084507042%\" valign=\"top\"\u003e\n \u003cp\u003eUnsupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.788732394366198%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth Only\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.43661971830986%\" valign=\"top\"\u003e\n \u003cp\u003eO\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv id=\"Sec7\" class=\"Section2\"\u003e \u003ch2\u003e4.1 Platform\u003c/h2\u003e \u003cp\u003eThis is an investigation of the entire system, including the OS installed in the in-vehicle infotainment system. Vendor-specific head units, such as Hyundai Motor Group\u0026rsquo;s connected car operating system (ccOS) and BMW\u0026rsquo;s BMW OS were used. For navigation, open-source platforms, such as Linux, were mainly used. Equally, open-source vehicle OS emulator platforms, such as OpenAuto, AGL, and AAOS were installed and used on each Raspberry Pi 4 device.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec8\" class=\"Section2\"\u003e \u003ch2\u003e4.2 Wireless Connectivity\u003c/h2\u003e \u003cp\u003eWireless connectivity was investigated to identify the wireless communication support specifications for each in-vehicle infotainment environment. We investigated whether each infotainment system supports Bluetooth and Wi-Fi, which are wireless communication methods used to connect smartphones. Most of the infotainment systems supported both Bluetooth and Wi-Fi, although only Bluetooth was supported in the case of KIA Sorento/EV6/K5, AGL, and AAOS.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec9\" class=\"Section2\"\u003e \u003ch2\u003e4.3 Wireless Connectivity via External Devices\u003c/h2\u003e \u003cp\u003eA wireless connection via an external device was investigated for any infotainment system that did not support either Bluetooth or Wi-Fi connectivity. As some infotainment systems did not support Wi-Fi connectivity, we investigated whether Wi-Fi connection is possible using an external device such as a USB-based Wi-Fi adapter. We confirmed that a Wi-Fi connectivity was possible using an external device in the KIA Sorento/EV6/K5. We were thus able to confirm that wireless use of Android Auto and Apple CarPlay infotainment services was possible.\u003c/p\u003e \u003cp\u003eConnectivity via Wi-Fi through an external device was possible for AGL and AAOS; however, it was impossible to wirelessly use infotainment services, such as Android Auto and Apple CarPlay. Wireless connectivity of Android Auto service was possible for OpenAuto, whereas an external device was required for Apple CarPlay.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec10\" class=\"Section2\"\u003e \u003ch2\u003e4.4 Packet Acquisition\u003c/h2\u003e \u003cp\u003ePacket acquisition summarizes the results of investigations on whether or not wireless communication packets can be collected in an in-vehicle infotainment environment. We confirmed that Bluetooth communication packets could be collected in all infotainment systems. In the case of Wi-Fi, packets collection was confirmed on all devices that supported two of the three emulators. The BMW NBT HU EVO system supported both Bluetooth and Wi-Fi connectivity, but did not support the Android Auto service; hence, packet collection was only confirmed for Apple CarPlay service.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec11\" class=\"Section2\"\u003e \u003ch2\u003e4.5 Vehicle Data Acquisition\u003c/h2\u003e \u003cp\u003eVehicle data acquisition summarizes the results of investigations on whether the internal storage of an infotainment system can be acquired. For each of the 11 types of infotainment systems, we investigated the interface connectivity to obtain internal storage data and whether a data extraction function was supported. In addition, we investigated whether there is an external storage device or an accessible flash memory on the system\u0026rsquo;s printed circuit board. Consequently, we confirmed that internal data could be acquired only from one navigation and three emulators. In most cases, the infotainment systems had no interface connectivity and storage device to which physical data acquisition techniques, such as chip-off, could be applied.\u003c/p\u003e \u003cp\u003eThe 2022 model Threecar Universal Navigation was the only infotainment system with NAND flash memory capable of chip-off data extraction. However, because data could only be obtained through chip-off, only data obtained after navigation was used. This implies that the image comparison step of file system analysis could not be applied. For the emulators, acquisition of internal storage data was easy because their operations incorporate the use of MicroSDs, which are non-volatile and portable.\u003c/p\u003e \u003c/div\u003e"},{"header":"5 Case Study and Results","content":"\u003cp\u003eThis section presents the design of a case study conducted on infotainment systems and the forensic artifacts obtained as a result of the case study. Subsection 5.1 describes the forensic analysis methods applied to 11 infotainment systems. Subsection 5.2 describes the use of smartphones and digital forensic tools used to perform forensic analysis. Subsection 5.3 describes the actual process of conducting the case study. The case study results are presented in the last three subsections. Similar categories of infotainment systems have similar wireless connectivity and vehicle data acquisition supports. Therefore, we organized the analysis results and derived identification information by category. Subsection 5.4 describes the head unit, Subsection 5.5 the navigation, and Subsection 5.6 the emulator systems analyses results.\u003c/p\u003e\n\u003cp\u003eTable\u0026nbsp;2.\u0026nbsp;Forensic Analysis Methods Applied to Infotainment Systems\u003c/p\u003e\n\u003cdiv\u003e\n \u003ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"600\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eCategory\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eInfotainment System\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003ePacket Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eFile System Analysis\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eKIA Sorento (2023)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eNot Supported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eKIA EV6 (2021)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eNot Supported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eKIA K5 (2016)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eNot Supported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eBMW NBT HU EVO\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eNot Supported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eBMW X5 45e xLine\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eNot Supported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eNavigation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003e2022 Threecar Universal Navigation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eNot Supported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eNavigation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eBouwoima 7 Inch Double Din Car Stereo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eNot Supported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eNavigation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003ePioneer AVH-Z5050BT\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eNot Supported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eEmulator\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eRaspberry Pi 4 (OpenAuto)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eEmulator\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eRaspberry Pi 4 (Automotive Grade Linux)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"13.477537437603994%\" valign=\"top\"\u003e\n \u003cp\u003eEmulator\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"41.26455906821963%\" valign=\"top\"\u003e\n \u003cp\u003eRaspberry Pi 4 (Android Automotive OS)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.795341098169718%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"22.462562396006657%\" valign=\"top\"\u003e\n \u003cp\u003eSupported\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\u003cp\u003eTable\u0026nbsp;3.\u0026nbsp;Details of Smartphones Connected to In-Vehicle Infotainment System\u003c/p\u003e\n\u003cdiv\u003e\n \u003ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"454\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"20.08830022075055%\" valign=\"top\"\u003e\n \u003cp\u003eManufacturer\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"18.763796909492275%\" valign=\"top\"\u003e\n \u003cp\u003eDevice\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"18.543046357615893%\" valign=\"top\"\u003e\n \u003cp\u003eOS/Version\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"42.60485651214128%\" valign=\"top\"\u003e\n \u003cp\u003eConnected Infotainment System\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"20.08830022075055%\" valign=\"top\"\u003e\n \u003cp\u003eSamsung\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"18.763796909492275%\" valign=\"top\"\u003e\n \u003cp\u003eGalaxy S9+\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"18.543046357615893%\" valign=\"top\"\u003e\n \u003cp\u003eAndroid/10\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"42.60485651214128%\" valign=\"top\"\u003e\n \u003cp\u003eAndroid Auto\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"20.08830022075055%\" valign=\"top\"\u003e\n \u003cp\u003eApple\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"18.763796909492275%\" valign=\"top\"\u003e\n \u003cp\u003eiPhone 7\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"18.543046357615893%\" valign=\"top\"\u003e\n \u003cp\u003eiOS/14.7.1\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"42.60485651214128%\" valign=\"top\"\u003e\n \u003cp\u003eApple CarPlay\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\u003cp\u003eTable\u0026nbsp;4.\u0026nbsp;Digital Forensic Tools Used in the Case Study\u003c/p\u003e\n\u003cdiv\u003e\n \u003ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"535\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003eAnalysis Method\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eDeveloper\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003eName\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003eVersion\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003ePacket Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eThe Wireshark Team\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003eWireshark\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e3.4.0\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003ePacket Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eApple\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003ePacketLogger\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e7.0.0\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003ePacket Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eThe Tcpdump team\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003etcpdump\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e4.99.3\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003eFile system Analysis\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eAccessData\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003eFTK Imager\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e4.7.1.2\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003eFile system Analysis\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eOpenText\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003eEncase\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e22.1\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003eFile system Analysis\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003egruemaster and tuxinator2009\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003eWin32 Disk Imager\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e1.0\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003eFile system Analysis\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eSublime HQ\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003ePty Ltd\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eSublime Text 4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003eBuild4143\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"25.655430711610485%\" valign=\"top\"\u003e\n \u003cp\u003eFile system Analysis\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89513108614232%\" valign=\"top\"\u003e\n \u003cp\u003eSqlitebrowser\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"28.46441947565543%\" valign=\"top\"\u003e\n \u003cp\u003eDB Browser for SQ Lite\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"11.985018726591761%\" valign=\"top\"\u003e\n \u003cp\u003e3.10.1\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n\u003cdiv id=\"Sec13\" class=\"Section2\"\u003e\n \u003ch2\u003e5.1 Forensic Analysis Method\u003c/h2\u003e\n \u003cp\u003eBased on their obtained specifications, forensic methods were selected for the analysis of each in-vehicle infotainment system. Table\u0026nbsp;2 summarizes the forensic analysis methods applied to each vehicle infotainment system. It was possible in all the 11 infotainment systems to collect packets over at least one Bluetooth or Wi-Fi communication channel. Therefore, packet fingerprinting was applied to all devices. Where both Bluetooth and Wi-Fi connectivity are available, application fingerprinting of packets using Android Auto and Apple CarPlay infotainment services were additionally performed.\u003c/p\u003e\n \u003cp\u003eFile system analysis was applied where vehicle data acquisition was possible. It was possible to acquire vehicle data from four infotainment systems; however, image comparison was not possible for one navigation system. Hence, it could only be performed with three emulators among which OpenAuto was the only infotainment system that supported wireless Android Auto and Apple CarPlay infotainment services, and vehicle data acquisition.\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv id=\"Sec14\" class=\"Section2\"\u003e\n \u003ch2\u003e5.2 Other Devices and Digital Forensic Tools\u003c/h2\u003e\n \u003cp\u003eTable\u0026nbsp;3 shows detailed information on Android and iOS smartphones which were connected to an in-vehicle infotainment system. The Android smartphone used was Samsung\u0026apos;s Galaxy S9+, running Android 10 OS version and Android Auto version 8.5.6252 infotainment service while Apple\u0026apos;s iPhone 7 was used, running iOS 14.7.1 OS version and iOS 14.7.1 version of Apple CarPlay infotainment service.\u003c/p\u003e\n \u003cp\u003eTable\u0026nbsp;4 lists the digital forensic tools used in the case study. Three tools were used for packet fingerprinting analysis: Wireshark and tcpdump were used to collect packets over Wi-Fi communication, PacketLogger was used to collect Bluetooth packets from iOS smartphones, and host-controller interface (HCI) snoop log (a native feature of the Android OS) was used for Bluetooth packet collection from Android smartphones. The collected packets were analyzed using Wireshark. Forensic toolkit (FTK) Imager and Encase were used for digital forensic analysis of acquired images, file extraction, and deleted file recovery, while Win32 Disk Imager was used to image the MicroSDs attached to the Raspberry Pi 4 devices that were used. Sublime Text 4 and the DB Browser for SQ Lite were used to derive artifacts by analyzing the acquired data.\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv id=\"Sec15\" class=\"Section2\"\u003e\n \u003ch2\u003e5.3 Case Study Design\u003c/h2\u003e\n \u003cp\u003eA case study was conducted based on the flowchart shown in Fig. \u003cspan class=\"InternalRef\"\u003e1\u003c/span\u003e. Eleven infotainment systems were used in the case study, and Android and iOS smartphones were connected wirelessly to each infotainment system. Subsequently, packet fingerprinting was applied to wireless communication in an infotainment environment, and file system analysis was applied to the internal storage of the infotainment system.\u003c/p\u003e\n \u003cp\u003ePacket fingerprinting was performed on all 11 infotainment systems, nine of which supported both Bluetooth and Wi-Fi connectivity, while two infotainment systems supported only Bluetooth connectivity. Accordingly, packet acquisition over Bluetooth and Wi-Fi connectivity and packet acquisition over Bluetooth connectivity was conducted for the two sets of systems. A total of 20 packet acquisitions were conducted because packets were respectively collected for the Android and iOS smartphone connections of each infotainment system. A packet collection method suitable for the operating system of each connected smartphone was applied. For the Android smartphones, we used the HCI snoop log function for Bluetooth packet collection and tcpdump for Wi-Fi packet collection. For the iOS smartphones, we used the PacketLogger tool for Bluetooth packet collection and Wireshark for Wi-Fi packet collection. Subsequently, device and application fingerprinting were applied to the collected packets. Wireshark was used to analyze the collected packets. Application fingerprinting was additionally applied for systems capable of wireless connectivity for Android Auto and Apple CarPlay services.\u003c/p\u003e\n \u003cp\u003eFor file system analysis, image comparisons were conducted for each of the three emulator systems used in the case study. Vehicle data acquisition was performed from MicroSD devices using the Win32 Disk Imager tool; vehicle data acquisition was performed before and after a smartphone was connected to each infotainment system and used. The two acquired images (before and after smartphone connection and use) were compared and analyzed. This enabled information identification, including newly created, modified, and deleted files. Subsequently, based on the identified information, artifacts related to wireless communication were derived and used to validate the packet fingerprinting results. We used various digital forensic tools, such as FTK Imager and Encase, for file system analysis\u003c/p\u003e\n \u003cp\u003eTable\u0026nbsp;5.\u0026nbsp;Packet Fingerprinting Results in a Wireless Connection Environment (Head Unit)\u003c/p\u003e\n \u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"608\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"11.677631578947368%\"\u003e\n \u003cp\u003eCategory\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.651315789473685%\"\u003e\n \u003cp\u003eType\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"12.171052631578947%\"\u003e\n \u003cp\u003eSource\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.93421052631579%\"\u003e\n \u003cp\u003eField\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"32.56578947368421%\"\u003e\n \u003cp\u003eValue\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"11.677631578947368%\" rowspan=\"9\" valign=\"top\"\u003e\n \u003cp\u003eAndroid\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.651315789473685%\" rowspan=\"5\" valign=\"top\"\u003e\n \u003cp\u003eDevice Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"12.171052631578947%\" rowspan=\"4\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.93421052631579%\" valign=\"top\"\u003e\n \u003cp\u003eBD_ADDR\u0026nbsp;\u003cbr\u003e\u0026nbsp;(Bluetooth Device Address)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"32.56578947368421%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit: 28:0f:eb:42:a6:74\u003c/p\u003e\n \u003cp\u003eSmartphone: 50:77:05:d9:a7:eb\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003eDevice Name\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit: EV6\u003c/p\u003e\n \u003cp\u003eSmartphone: Galaxy S9+\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003ePhone Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eNumber: +82104433***7\u003c/p\u003e\n \u003cp\u003eModel: SM-G965N\u003c/p\u003e\n \u003cp\u003eVendor: SAMSUNG\u003c/p\u003e\n \u003cp\u003eISP: KT\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi Network Info\u003c/p\u003e\n \u003cp\u003e(Generated from Head Unit)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eSSID: AAWireless-XiOu2qMU\u003c/p\u003e\n \u003cp\u003eMAC: 3a:24:f1:c4:d7:fa\u003c/p\u003e\n \u003cp\u003eIP Address: 10.42.1.1\u003c/p\u003e\n \u003cp\u003ePW: 6C55829BFD4D447822FBC0B08A7EFD9900EBACCB\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"16.29955947136564%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"40.08810572687225%\" valign=\"top\"\u003e\n \u003cp\u003eEthernet Frame.MAC Address\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"43.61233480176212%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit: 3a:24:f1:c4:d7:fa\u003c/p\u003e\n \u003cp\u003eSmartphone: e2:0b:a7:66:dd:d3\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"15.456238361266294%\" rowspan=\"4\" valign=\"top\"\u003e\n \u003cp\u003eApplication Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.780260707635009%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89199255121043%\" valign=\"top\"\u003e\n \u003cp\u003eSDP Protocol.Service Name\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.87150837988827%\" valign=\"top\"\u003e\n \u003cp\u003eWireless Android Auto Protocol\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003eMMS Text\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eDatetime: 20230309T144352\u003c/p\u003e\n \u003cp\u003eSender: +8210639****1\u003c/p\u003e\n \u003cp\u003eText: test message\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"16.29955947136564%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"40.08810572687225%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Port\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"43.61233480176212%\" valign=\"top\"\u003e\n \u003cp\u003e36812, 36830, 36910, 54321\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Data\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eGoogle Automotive Link\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"11.677631578947368%\" rowspan=\"7\" valign=\"top\"\u003e\n \u003cp\u003eiOS\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.651315789473685%\" rowspan=\"5\" valign=\"top\"\u003e\n \u003cp\u003eDevice Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"12.171052631578947%\" rowspan=\"4\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.93421052631579%\" valign=\"top\"\u003e\n \u003cp\u003eBD_ADDR\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"32.56578947368421%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit: 68:4e:05:6d:b3:48\u003c/p\u003e\n \u003cp\u003eSmartphone: 78:4f:43:01:ba:8f\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003eDevice Name\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit: KIA-EFAB\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003ePhone Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eModel: iPhone7\u003c/p\u003e\n \u003cp\u003eVendor: Apple\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi Network Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eSSID: KIA4C\u003c/p\u003e\n \u003cp\u003ePW: 12345678\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"16.29955947136564%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"40.08810572687225%\" valign=\"top\"\u003e\n \u003cp\u003eHost\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"43.61233480176212%\" valign=\"top\"\u003e\n \u003cp\u003eiPhone7.local\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"15.456238361266294%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eApplication Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.780260707635009%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.89199255121043%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Port\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.87150837988827%\" valign=\"top\"\u003e\n \u003cp\u003e5000, 40494, 50298, 58925, 61678\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"47.89473684210526%\" valign=\"top\"\u003e\n \u003cp\u003eUser-Agent\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"52.10526315789474%\" valign=\"top\"\u003e\n \u003cp\u003eAirPlay/320.17.7\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n \u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv id=\"Sec16\" class=\"Section2\"\u003e\n \u003ch2\u003e5.4 Head Unit\u003c/h2\u003e\n \u003cp\u003eThe case study involved five head units. Identification information pertaining to these units, which were derived from fingerprinting analyses of collected wireless communication packets, is organized into head unit categories in Table\u0026nbsp;5. A total of 22 pieces of identification information were derived from the wireless communication networks of in-vehicle infotainment systems connected to the Android smartphone; these included 13 pieces of identification information for device fingerprinting and 9 pieces of identification information for application fingerprinting. Through device fingerprinting, identification information for each head unit and connected smartphone were derived. As a result of application fingerprinting, identification information was used to identify the Android Auto and Google Automotive Link services. If the vehicle driver receives or sends a text message, their phone number and message content could be obtained through packet analysis.\u003c/p\u003e\n \u003cp\u003eBy analyzing the security threat factors in the environment, we confirmed that the 2016 KIA K5 infotainment system did not create a password for its Wi-Fi network. This allows attackers to easily break into the vehicle network without needing to eavesdrop on Bluetooth communications. However, for the 2021 KIA Sorento and 2023 KIA EV6 systems, passwords were set and password transmission for authentication was encrypted.\u003c/p\u003e\n \u003cp\u003eFifteen pieces of identification information were derived from wireless communications of in-vehicle infotainment systems connected to the iOS smartphone; these included nine pieces of identification information for device fingerprinting and six pieces of identification information for application fingerprinting. Through device fingerprinting, various types of identification information regarding the head units were derived. For the iOS smartphone, information about the manufacturer, model, and identification information related to AirPlay service were obtained. As a result of application fingerprinting, when using Apple CarPlay, identification information, such as communication based on AirPlay and the TCP port used by Apple CarPlay, were derived. On iOS, unlike Android, text messages were not sent over a Bluetooth channel.\u003c/p\u003e\n \u003cp\u003eTable\u0026nbsp;6.\u0026nbsp;Packet Fingerprinting Results in a Wireless Connection Environment (Navigation)\u003c/p\u003e\n \u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"599\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"10.702341137123746%\"\u003e\n \u003cp\u003e\u0026nbsp;Category\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"16.722408026755854%\"\u003e\n \u003cp\u003eType\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.210702341137123%\"\u003e\n \u003cp\u003eSource\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"26.254180602006688%\"\u003e\n \u003cp\u003eField\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.11036789297659%\"\u003e\n \u003cp\u003eValue\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"10.702341137123746%\" rowspan=\"7\" valign=\"top\"\u003e\n \u003cp\u003eAndroid\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"16.722408026755854%\" rowspan=\"5\" valign=\"top\"\u003e\n \u003cp\u003eDevice Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.210702341137123%\" rowspan=\"4\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"26.254180602006688%\" valign=\"top\"\u003e\n \u003cp\u003eBD_ADDR\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.11036789297659%\" valign=\"top\"\u003e\n \u003cp\u003eNavigation: fc:4b:bc:33:be:b1\u003c/p\u003e\n \u003cp\u003eSmartphone: 50:77:05:d9:a7:eb\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003eDevice Name\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eNavigation: CarBt_33beb1\u003c/p\u003e\n \u003cp\u003eSmartphone: Galaxy S9+\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003ePhone Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eNumber: +82104433***7\u003c/p\u003e\n \u003cp\u003eModel: SM-G965N\u003c/p\u003e\n \u003cp\u003eVendor: SAMSUNG\u003c/p\u003e\n \u003cp\u003eISP: KT\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi Network Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eSSID: CarWiFi_33beb1\u003c/p\u003e\n \u003cp\u003eMAC: 94:A4:08:00:AF:53\u003c/p\u003e\n \u003cp\u003eIP Addr:192.168.0.1\u003c/p\u003e\n \u003cp\u003ePW: 88888888\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"18.202764976958527%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.175115207373274%\" valign=\"top\"\u003e\n \u003cp\u003eEthernet Frame.MAC Address\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"45.6221198156682%\" valign=\"top\"\u003e\n \u003cp\u003eNavigation: 94:a4:08:00:af:53\u003c/p\u003e\n \u003cp\u003eSmartphone: 42:ca:d9:20:2f:d9\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"18.726591760299627%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eApplication Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.794007490636703%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.40074906367041%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Port\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"37.07865168539326%\" valign=\"top\"\u003e\n \u003cp\u003e8765, 52730\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Data\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eGoogle Automotive Link\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"10.702341137123746%\" rowspan=\"10\" valign=\"top\"\u003e\n \u003cp\u003eiOS\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"16.722408026755854%\" rowspan=\"7\" valign=\"top\"\u003e\n \u003cp\u003eDevice Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.210702341137123%\" rowspan=\"5\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"26.254180602006688%\" valign=\"top\"\u003e\n \u003cp\u003eBD_ADDR\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"33.11036789297659%\" valign=\"top\"\u003e\n \u003cp\u003eNavigation: fc:4b:bc:33:be:b1\u003c/p\u003e\n \u003cp\u003eSmartphone: 78:4f:43:01:ba:8f\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003eDevice Name\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eNavigation: CarBt_33beb1\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003eRFCOMM Data\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eVersion 14.7.1 (Build 18G82)\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003ePhone Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eNumber: +82104433***7\u003c/p\u003e\n \u003cp\u003eModel: iPhone 7 (iPhone9,3)\u003c/p\u003e\n \u003cp\u003eVendor: Apple\u003c/p\u003e\n \u003cp\u003eISP: KT\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi Network Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eSSID: CarWiFi_33beb1\u003c/p\u003e\n \u003cp\u003ePW: 88888888\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"18.202764976958527%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.175115207373274%\" valign=\"top\"\u003e\n \u003cp\u003eHost\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"45.6221198156682%\" valign=\"top\"\u003e\n \u003cp\u003eiPhone7.local\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003eAirPlay-Receiver-Device-ID\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003e277402210254514\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"18.726591760299627%\" rowspan=\"3\" valign=\"top\"\u003e\n \u003cp\u003eApplication Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"14.794007490636703%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.40074906367041%\" valign=\"top\"\u003e\n \u003cp\u003eRFCOMM Data\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"37.07865168539326%\" valign=\"top\"\u003e\n \u003cp\u003eWireless CarPlay1\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"18.202764976958527%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.175115207373274%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Port\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"45.6221198156682%\" valign=\"top\"\u003e\n \u003cp\u003e44236, 52380\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"44.225352112676056%\" valign=\"top\"\u003e\n \u003cp\u003eUser-Agent\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"55.774647887323944%\" valign=\"top\"\u003e\n \u003cp\u003eAirPlay/320.17.7\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003cp\u003eBy analyzing the security threat factors existing in the environment, we confirmed that the Wi-Fi network password created in an older infotainment system was exposed in plain text. In the more recent infotainment systems, passwords were transmitted encrypted. This means for older infotainment systems, attackers could easily intrude into vehicle networks by eavesdropping on Bluetooth communications.\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv id=\"Sec17\" class=\"Section2\"\u003e\n \u003ch2\u003e5.5 Navigation\u003c/h2\u003e\n \u003cp\u003eThe case study involved three types of navigation systems. The identification information derived from the collected wireless communication packet fingerprinting analysis results is presented in the navigation categories in Table\u0026nbsp;6. Seventeen pieces of identification information were derived from the wireless communication networks of in-vehicle infotainment systems connected to the Android smartphone; these consisted of 14 pieces of identification information for device fingerprinting and 3 pieces of identification information for application fingerprinting.\u003c/p\u003e\n \u003cp\u003eSixteen pieces of identification information were derived from the wireless communication networks of vehicle infotainment systems connected to the iOS smartphone. Among these were 12 pieces of identification information for device fingerprinting and four pieces of identification information for application fingerprinting. In the case of a navigation environment, unlike the other infotainment environments, identification information on the smartphone could be acquired.\u003c/p\u003e\n \u003cp\u003eTable\u0026nbsp;7.\u0026nbsp;Packet Fingerprinting Results in a Wireless Connection Environment (Emulator)\u003c/p\u003e\n \u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"599\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"12.333333333333334%\"\u003e\n \u003cp\u003eCategory\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"21%\"\u003e\n \u003cp\u003eType\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.166666666666666%\"\u003e\n \u003cp\u003eSource\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"26.5%\"\u003e\n \u003cp\u003eField\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"27%\"\u003e\n \u003cp\u003eValue\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"12.333333333333334%\" rowspan=\"8\" valign=\"top\"\u003e\n \u003cp\u003eAndroid\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"21%\" rowspan=\"5\" valign=\"top\"\u003e\n \u003cp\u003eDevice Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.166666666666666%\" rowspan=\"4\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"26.5%\" valign=\"top\"\u003e\n \u003cp\u003eBD_ADDR\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"27%\" valign=\"top\"\u003e\n \u003cp\u003eEmulator: 00:1a:7d:da:71:0a\u003c/p\u003e\n \u003cp\u003eSmartphone: 50:77:05:d9:a7:eb\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003eDevice Name\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003eHead Unit: OpenAuto-Pro\u0026nbsp;\u003cbr\u003e\u0026nbsp;Smartphone: Galaxy S9+\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003ePhone Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003eNumber: +82104433***7\u003c/p\u003e\n \u003cp\u003eModel: SM-G965N\u003c/p\u003e\n \u003cp\u003eVendor: SAMSUNG\u003c/p\u003e\n \u003cp\u003eISP: KT\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi Network Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003eSSID: OpenAutoPro\u003c/p\u003e\n \u003cp\u003eMAC: e4:5f:01:1b:a9:86\u003c/p\u003e\n \u003cp\u003eIP Addr: 192.168.4.1\u003c/p\u003e\n \u003cp\u003ePW: 1234567890\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"19.75%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"39.75%\" valign=\"top\"\u003e\n \u003cp\u003eEthernet Frame.MAC Address\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"40.5%\" valign=\"top\"\u003e\n \u003cp\u003eEmulator: e4:5f:01:1b:a9:86\u003c/p\u003e\n \u003cp\u003eSmartphone: f6:5a:d2:f3:ab:5f\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"23.954372623574145%\" rowspan=\"3\" valign=\"top\"\u003e\n \u003cp\u003eApplication Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.019011406844106%\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"30.228136882129277%\" valign=\"top\"\u003e\n \u003cp\u003eSDP Protocol.Service Name\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"30.79847908745247%\" valign=\"top\"\u003e\n \u003cp\u003eWireless Android Auto Protocol\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"19.75%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"39.75%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Port\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"40.5%\" valign=\"top\"\u003e\n \u003cp\u003e5000, 56008\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Data\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003eGoogle Automotive Link\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"12.333333333333334%\" rowspan=\"8\" valign=\"top\"\u003e\n \u003cp\u003eiOS\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"21%\" rowspan=\"6\" valign=\"top\"\u003e\n \u003cp\u003eDevice Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"13.166666666666666%\" rowspan=\"4\" valign=\"top\"\u003e\n \u003cp\u003eBluetooth\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"26.5%\" valign=\"top\"\u003e\n \u003cp\u003eBD_ADDR\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"27%\" valign=\"top\"\u003e\n \u003cp\u003eExternal Device: 38:ba:b0:32:91:ad\u003c/p\u003e\n \u003cp\u003eSmartphone: 78:4f:43:01:ba:8f\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003eDevice Name\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003eExternal Device: AutoKit-edd9\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003ePhone Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003eModel: iPhone7\u003c/p\u003e\n \u003cp\u003eVendor: Apple\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi Network Info\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003eSSID: AutoBox-cd81\u003c/p\u003e\n \u003cp\u003ePW: 12345678\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"19.75%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"39.75%\" valign=\"top\"\u003e\n \u003cp\u003eHost\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"40.5%\" valign=\"top\"\u003e\n \u003cp\u003eiPhone7.local\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003eAirPlay-Receiver-Device-ID\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003e963351056813\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"23.954372623574145%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eApplication Fingerprinting\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"15.019011406844106%\" rowspan=\"2\" valign=\"top\"\u003e\n \u003cp\u003eWi-Fi\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"30.228136882129277%\" valign=\"top\"\u003e\n \u003cp\u003eTCP Port\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"30.79847908745247%\" valign=\"top\"\u003e\n \u003cp\u003e500, 36799, 45158, 48006, 51338-51341\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"49.532710280373834%\" valign=\"top\"\u003e\n \u003cp\u003eUser-Agent\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"50.467289719626166%\" valign=\"top\"\u003e\n \u003cp\u003eAirPlay/320.81\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n \u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n \u003cp\u003eTable\u0026nbsp;8.\u0026nbsp;Image Comparison Analysis Result for OpenAuto\u003c/p\u003e\n \u003cdiv\u003e\n \u003ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"480\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"24.843423799582464%\" valign=\"top\"\u003e\n \u003cp\u003eConnected Device\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.954070981210855%\" valign=\"top\"\u003e\n \u003cp\u003eVariable\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.436325678496868%\" valign=\"top\"\u003e\n \u003cp\u003eCapacity (Before Use)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"27.76617954070981%\" valign=\"top\"\u003e\n \u003cp\u003eCapacity (After Use)\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"24.843423799582464%\" rowspan=\"3\" valign=\"top\"\u003e\n \u003cp\u003eGalaxy S9+\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.954070981210855%\" valign=\"top\"\u003e\n \u003cp\u003eTotal\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.436325678496868%\" valign=\"top\"\u003e\n \u003cp\u003e6.2 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"27.76617954070981%\" valign=\"top\"\u003e\n \u003cp\u003e14.6 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"23.88888888888889%\" valign=\"top\"\u003e\n \u003cp\u003eAllocated\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"39.166666666666664%\" valign=\"top\"\u003e\n \u003cp\u003e4.82 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.94444444444444%\" valign=\"top\"\u003e\n \u003cp\u003e3.85 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"23.88888888888889%\" valign=\"top\"\u003e\n \u003cp\u003eUnallocated\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"39.166666666666664%\" valign=\"top\"\u003e\n \u003cp\u003e1.348 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.94444444444444%\" valign=\"top\"\u003e\n \u003cp\u003e10.75 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"24.843423799582464%\" rowspan=\"3\" valign=\"top\"\u003e\n \u003cp\u003eiPhone 7\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"17.954070981210855%\" valign=\"top\"\u003e\n \u003cp\u003eTotal\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.436325678496868%\" valign=\"top\"\u003e\n \u003cp\u003e6.2 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"27.76617954070981%\" valign=\"top\"\u003e\n \u003cp\u003e14.6 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"23.88888888888889%\" valign=\"top\"\u003e\n \u003cp\u003eAllocated\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"39.166666666666664%\" valign=\"top\"\u003e\n \u003cp\u003e4.82 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.94444444444444%\" valign=\"top\"\u003e\n \u003cp\u003e3.88 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"23.88888888888889%\" valign=\"top\"\u003e\n \u003cp\u003eUnallocated\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"39.166666666666664%\" valign=\"top\"\u003e\n \u003cp\u003e1.38 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"36.94444444444444%\" valign=\"top\"\u003e\n \u003cp\u003e10.72 GB\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n \u003c/div\u003e\n \u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n \u003cp\u003eTable\u0026nbsp;9.\u0026nbsp;Artifacts Derived From File System Analysis\u003c/p\u003e\n \u003cdiv\u003e\n \u003ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"618\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd width=\"27.993527508090615%\" valign=\"top\"\u003e\n \u003cp\u003ePath\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.28802588996764%\" valign=\"top\"\u003e\n \u003cp\u003eName\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"42.71844660194175%\" valign=\"top\"\u003e\n \u003cp\u003eValue\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"27.993527508090615%\" valign=\"top\"\u003e\n \u003cp\u003e/home/pi/.openauto/cache/\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.28802588996764%\" valign=\"top\"\u003e\n \u003cp\u003eopenauto.log\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"42.71844660194175%\" valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003e- Android Smartphone\u003c/strong\u003e\u003c/p\u003e\n \u003cp\u003e[AndroidAutoWirelessProfile]\u003cbr\u003e\u0026nbsp;new connection, address: 50:77:05:D9:A7:E8\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003cp\u003e[AndroidAutoWirelessProfile]\u003cbr\u003e\u0026nbsp;Wi-Fi IP Address: 192.168.4.1\u003c/p\u003e\n \u003cp\u003eName: GalaxyS9+\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003cp\u003e\u003cstrong\u003e- iOS Smartphone\u003c/strong\u003e\u003c/p\u003e\n \u003cp\u003e[AutoboxEntity]\u003cbr\u003e\u0026nbsp;paired phone, address: 78:4F:43:01:B1:8F\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003cp\u003e[AutoboxEntity]\u003cbr\u003e\u0026nbsp;recent phone, address: 78:4F:43:01:B1:8F, name: iPhone7\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"27.993527508090615%\" valign=\"top\"\u003e\n \u003cp\u003e/home/pi/.openauto/cache/\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.28802588996764%\" valign=\"top\"\u003e\n \u003cp\u003eopenauto_cache.ini\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"42.71844660194175%\" valign=\"top\"\u003e\n \u003cp\u003eLastConnectedAddress=50:77:05:D9:A7:EB\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"27.993527508090615%\" valign=\"top\"\u003e\n \u003cp\u003e/home/pi/.openauto/cache/hfp/\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.28802588996764%\" valign=\"top\"\u003e\n \u003cp\u003epb553217337.vcf\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"42.71844660194175%\" valign=\"top\"\u003e\n \u003cp\u003e- Smartphone Information\u003c/p\u003e\n \u003cp\u003eTEL;CELL: 010443*****\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003cp\u003e- Contact Details\u003c/p\u003e\n \u003cp\u003eN;CHARSET=UTF-8:;O***bin;;;\u003c/p\u003e\n \u003cp\u003eFN:CHARSET=UTF-8:O***bin\u003c/p\u003e\n \u003cp\u003eTEL;CELL: 010740*****\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd width=\"27.993527508090615%\" valign=\"top\"\u003e\n \u003cp\u003e/home/pi/.openauto/cache/hfp/\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"29.28802588996764%\" valign=\"top\"\u003e\n \u003cp\u003ecch553217337.vcf\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd width=\"42.71844660194175%\" valign=\"top\"\u003e\n \u003cp\u003eTEL;VOICE:010740******\u003c/p\u003e\n \u003cp\u003eX-IRMC-CALL-DATETIME;RECEIVED:20221020T222235\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n \u003c/div\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003cp\u003eThe identification information derived from the navigation environment was almost identical to that from the head unit infotainment environment; however, we confirmed that the identified MAC address was different from that of the smartphone used in Wi-Fi communication. Moreover, it was impossible to identify the service (SDP Protocol.Service Name: Android Auto) used in the Bluetooth communication. Vulnerability analysis of the navigation environment confirmed that it had similar vulnerabilities as the head unit environment.\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv id=\"Sec18\" class=\"Section2\"\u003e\n \u003ch2\u003e5.6 Emulator\u003c/h2\u003e\n \u003cp\u003eThe case study involved three emulators. The identification information derived from the collected wireless communication packet fingerprinting analysis results is organized into emulator categories in Table\u0026nbsp;7. Eighteen pieces of identification information are derived from the wireless communication networks of the vehicle infotainment systems connected to an Android smartphone. Among these were 14 pieces of identification information for device fingerprinting and 4 pieces of identification information for application fingerprinting.\u003c/p\u003e\n \u003cp\u003eEighteen pieces of identification information were derived from the wireless communication networks of the vehicle infotainment systems connected to the iOS smartphone. Among these were nine pieces of identification information for device fingerprinting and nine pieces of identification information for application fingerprinting. Identification information derived from the emulator environment was mostly similar to those of the previously analyzed head unit and navigation environments. Vulnerability analysis of the emulator environment confirmed that it has similar vulnerabilities as the head unit and navigation environments. In addition, file system analysis was performed on the internal storage of each emulator system. Images were collected before and after smartphone connection and use, and the results of the image comparisons are listed in Table 8. In the case of the initial image of OpenAuto, the total size is 6.2 GB, the allocated area is 4.82 GB, and the unallocated area is 1.38 GB, and it was confirmed that Ext4 is used as the file system. Analysis of the images after connecting and using the Android and iOS smartphones confirmed that the size of the allocated area decreased by approximately 1 GB, and the size of the unallocated area increased by approximately 9 GB in both images. This means that approximately 9 GB of data were deleted. In addition, it was found that about 1 GB of data was created/modified/deleted as the smartphone was connected and used.\u003c/p\u003e\n \u003cp\u003eBased on the results of the image comparison, it was confirmed that the recovery of deleted data (unallocated areas) and the analysis of modified or newly created data are necessary. Therefore, in the artifact derivation step, a file extraction and recovery technique based on Ext4 file system metadata was applied. The extracted and restored files were analyzed, and information related to wireless communication and connected devices was derived. The derived artifacts are listed in Table\u0026nbsp;9.\u003c/p\u003e\n \u003cp\u003eAn OpenAuto log file is shown in Fig.\u0026nbsp;2. It is a log file that stores the B luetooth address and name of the connected smartphone, as shown in 2. It also stores the IP address of the Wi-Fi network created using the OpenAuto system. In addition, the differences between Android Auto (self-supported) and Apple CarPlay (with an external device) were confirmed. In the case of Android Auto, the [AndroidAutoWirelessProfile] string can be checked. However, in the case of Apple CarPlay using an external device, the [AutoboxEntity] string can be checked. For the Openauto_cache.ini file, the Bluetooth addresses of the connected smartphone and the last connected smartphone were stored. The pb553217337.vcf and cch553217337.vcf files are contact and call list files synchronized from a smartphone through Bluetooth communication. Thus, the phone number and call list of a connected smartphone can be obtained. We confirmed that the information acquired from the internal storage of the vehicle matched that obtained from wireless communication packet printing.\u003c/p\u003e\n\u003c/div\u003e"},{"header":"6 Discussion","content":"\u003cp\u003eWireless communication packets of in-vehicle infotainment systems contain various types of identification information about the infotainment system and connected devices. These are potential sources of data that, if exposed, can be used for criminal purposes. For example, an attacker may use data obtained by eavesdropping on wireless communication in an in-vehicle infotainment system for cybercriminal activities or intrude into the vehicle network through vulnerabilities in the wireless communication environment. Our findings exemplify this point. Some infotainment systems do not set passwords for the Wi-Fi networks used for communication. While most infotainment systems set a password for their Wi-Fi networks, some transmit the passwords in plain text, rather being encrypted. Attackers can easily break into in-vehicle networks by eavesdropping on wireless communications.\u003c/p\u003e \u003cp\u003eOur research results derived various types of identification information from the wireless communication packets of in-vehicle infotainment systems and identified some vulnerabilities. Hence, the in-vehicle wireless communication environment is currently not sufficiently secure. When we analyzed the Wi-Fi packets in an environment where an iOS smartphone was connected, the MAC addresses of the two connected devices could not be determined, unlike in an environment where an Android smartphone was connected. We reasoned that there may have been errors in the packet collection process and repeated the collection process again, but the experience persisted. This may be a problem with the parsing function of Wireshark, used as an analysis tool, or there may be a difference in the communication specifications between Apple CarPlay and Android Auto infotainment services. Additionally, in analyzing the Wi-Fi packets, it was not possible to analyze actual usage data (or payload) because of the non-specification of standard APIs for communication with Android Auto and Apple CarPlay services. Typically, actual usage data are the sources of information that aid the activities of cyber attackers. Further analysis on this requires research on the communication protocol requirements for these services.\u003c/p\u003e \u003cp\u003eFurthermore, file system analysis was performed on three emulator systems. Through this, it was possible to validate information previously obtained through packet fingerprinting. However, file system analysis was not done for the head unit and navigation systems owing to difficulty of acquiring data from the internal storage devices of these systems. In lieu of other options, chip-off may be performed, although most in-vehicle infotainment systems prohibit this. Moreover, considering the destructive characteristics of chip-off data extraction, research on nondestructive data acquisition methods should continue to be considered.\u003c/p\u003e \u003cp\u003eThe results of this study are based on packet analysis and hence are real-time. Therefore, it may be difficult for forensic investigators to utilize our research in their processes of collecting criminal evidence when conducting post-mortem investigations of in-vehicle network security incidents. However, we analyzed security threats from a wireless communications security perspective, targeting 11 in-vehicle infotainment systems. Blocking of security threats that may occur in the future through pre-inspection and post-incidence investigation are sufficiently meaningful results from a digital forensics perspective. Moreover, our findings can enable forensics investigators conducting post-mortem investigations in deriving an attacker's vehicle network intrusion route and attack method.\u003c/p\u003e"},{"header":"7 Conclusion","content":"\u003cp\u003eWireless communication in the in-vehicle environment is becoming increasingly complex and contains a variety of information. Therefore, communication in the in-vehicle environment is potentially exposed to cybercrime. However, digital forensic research to improve the level of security has not been sufficiently conducted. In this study, we conducted a case study by configuring 11 infotainment environments to improve the security level of wireless communications in in-vehicle infotainment environments. Wireless communication packets were collected, and fingerprinting was performed to derive various identification information and evaluate the vulnerabilities. Furthermore, the validity of the packet fingerprinting results were verified by analyzing the data stored in the internal storage of some of the infotainment systems. The results of our study can be meaningfully used in future digital forensic investigations.\u003c/p\u003e \u003cp\u003eDirections of future research include:\u003c/p\u003e \u003cp\u003e(1) To conduct fingerprinting research on wireless communication in more complex environments, such as involving electric vehicles and connected cars. These investigations potentially will enable digital forensic investigators better cope with digital investigations of vehicles.\u003c/p\u003e \u003cp\u003e(2) Research may be conducted on methods to acquire the internal storage data of in-vehicle infotainment environments in a nondestructive manner.\u003c/p\u003e \u003cp\u003e(3) Another potential area of study is to analyze the communication specifications of infotainment services such as Android Auto and Apple CarPlay. This may require decompilation analyses of applications installed on Android and iOS smartphones.\u003c/p\u003e"},{"header":"Declarations","content":"\u003ch2\u003eAuthor Contribution\u003c/h2\u003e\u003cp\u003eY.S. contributed to conceptualization, methodology, analysis, and writing.G.Y. contributed to analysis and validation.T.S. performed a review of the paper and provided important revisions.\u003c/p\u003e\u003ch2\u003eAcknowledgement\u003c/h2\u003e\u003cp\u003eThis work was supported by Institute of Information \u0026amp; communications Technology Planning \u0026amp; Evaluation (IITP) grant funded by the Korea government (MIST) (No.2022-0-01022, Development of Collection and Inte-grated Analysis Methods of Automotive Inter/Intra System Artifacts through Construction of Event-based experimental system)\u003c/p\u003e"},{"header":"References","content":"\u003col\u003e\u003cli\u003e\u003cspan\u003eAmadeo R (2023) Android Automotive goes mainstream: A review of GM\u0026rsquo;s new infotainment system, Available online: \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ehttps://arstechnica.com/gadgets/2023/01/Android-automotive-goes-mainstream-a-review-of-gms-new-infotainment-system/\u003c/span\u003e\u003cspan address=\"https://arstechnica.com/gadgets/2023/01/Android-automotive-goes-mainstream-a-review-of-gms-new-infotainment-system/\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eTsui C (2023) Polestar Android Automotive OS Infotainment Review: A Step in the Right Direction, Available online: \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ehttps://www.thedrive.com/car-reviews/polestar-2-Android-automotive-os-infotainment-review-google-specs-system-tech-evs-electric-cars\u003c/span\u003e\u003cspan address=\"https://www.thedrive.com/car-reviews/polestar-2-Android-automotive-os-infotainment-review-google-specs-system-tech-evs-electric-cars\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eJulich T, BMW Group to build on Android Open Source Project (AOSP) for BMW Operating System 9 (2022), Available online: press.\u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ebmwgroup.com/global/article/detail/T0401875EN/bmw-group-expands-bmw-operating-system-8-with-a-variant-that-integrates-Android-automotive-os?language\u0026thinsp;=\u0026thinsp;en\u003c/span\u003e\u003cspan address=\"http://bmwgroup.com/global/article/detail/T0401875EN/bmw-group-expands-bmw-operating-system-8-with-a-variant-that-integrates-Android-automotive-os?language\u0026thinsp;=\u0026thinsp;en\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eAGL (2022) Automotive Grade Linux Showcases Open Source Technology and Software Defined Vehicle at CES 2023, Available online: \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ehttps://www.prnewswire.com/news-releases/automotive-grade-linux-showcases-open-source-technology-and-software-defined-vehicle-at-ces-2023-301707708.html\u003c/span\u003e\u003cspan address=\"https://www.prnewswire.com/news-releases/automotive-grade-linux-showcases-open-source-technology-and-software-defined-vehicle-at-ces-2023-301707708.html\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eAGL (2018) Automotive Grade Linux Hits the Road Globally with Toyota; Amazon Alexa Joins AGL to Support Voice Recognition, Available online: \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ehttps://www.automotivelinux.org/announcements/automotive-grade-linux-hits-road-globally-toyota-amazon-alexa-joins-agl-support-voice-recognition/\u003c/span\u003e\u003cspan address=\"https://www.automotivelinux.org/announcements/automotive-grade-linux-hits-road-globally-toyota-amazon-alexa-joins-agl-support-voice-recognition/\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLiu S et al (2019) Edge computing for autonomous driving: Opportunities and challenges. Proceedings of the IEEE 107.8 : 1697\u0026ndash;1716\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLiu L et al (2020) Computing systems for autonomous driving: State of the art and challenges. IEEE Internet Things J 8(8):6469\u0026ndash;6486\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eJo W, Kim S, Kim H, Shin Y, Shon T (2022) Automatic whitelist generation system for ethernet based in-vehicle network. 142:103735 Computers in Industry\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eKim S, Jo W, Lee J, Shon T (2022) AI-enabled device digital forensics for smart cities. J Supercomputing 78(2):3029\u0026ndash;3044\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eHasan M et al (2020) Securing vehicle-to-everything (V2X) communication platforms. IEEE Trans Intell Veh 5(4):693\u0026ndash;713\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eMahr A et al (2022) Auto-Parser: Android Auto and Apple CarPlay Forensics. Digital Forensics and Cyber Crime: 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6\u0026ndash;9, 2021, Proceedings. Cham: Springer International Publishing\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLakshmanan R (2022) Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers, Online Available: \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ehttps://thehackernews.com/2022/12/researcher-uncovers-potential.html\u003c/span\u003e\u003cspan address=\"https://thehackernews.com/2022/12/researcher-uncovers-potential.html\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eHope A, Mercedes and Toyota (2023) Severe API Security Flaws Affect Millions of Vehicles from 16 Car Manufacturers, Including BMW, Online Available: \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ehttps://www.cpomagazine.com/cyber-security/severe-api-security-flaws-affect-millions-of-vehicles-from-16-car-manufacturers-including-bmw-mercedes-and-toyota/\u003c/span\u003e\u003cspan address=\"https://www.cpomagazine.com/cyber-security/severe-api-security-flaws-affect-millions-of-vehicles-from-16-car-manufacturers-including-bmw-mercedes-and-toyota/\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eKim S, Jo W, Shon T (2020) APAD: Autoencoder-based payload anomaly detection for industrial IoE. Appl Soft Comput 88:106017\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eKim M, Shin Y, Jo W, Shon T (2023) Digital forensic analysis of intelligent and smart IoT devices. J Supercomputing\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eKwon S, Yoo H, Shon T (2020) \u0026lsquo;IEEE 1815.1-based power system security with bidirectional RNN-based network anomalous attack detection for cyber-physical system. \u0026rsquo; IEEE Access 8:77572\u0026ndash;77586\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eChowdhury R, Roy et al (2020) Network traffic analysis based iot device identification. Proceedings of the 2020 the 4th International Conference on Big Data and Internet of Things\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eHamad S, Abdalla et al (2019) Iot device identification via network-flow based Fingerprinting and learning. 2019 18th IEEE international conference on trust, security and privacy in computing and communications/13th IEEE international conference on big data science and engineering (TrustCom/BigDataSE). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eKlein RW, Temple MA, Mendenhall MJ (2009) Application of wavelet-based RF Fingerprinting to enhance wireless network security. J Commun Netw 11(6):544\u0026ndash;555\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLin Y, Chang J (2019) Improving wireless network security based on radio Fingerprinting. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eSkowron M, Janicki A, Mazurczyk W (2020) Traffic Fingerprinting attacks on internet of things using machine learning. IEEE Access 8:20386\u0026ndash;20400\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eChen T (2022) Radio Frequency Fingerprint-Based DSRC Intelligent Vehicle Networking Identification Mechanism in High Mobility Environment. Sustainability 14(9):5037\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eJo W, Shin Y, Kim H, Yoo D, Kim D, Kang C, Jin J, Oh J, Na B, Shon T (2019) Digital forensic practices and methodologies for AI speaker ecosystems. Digital Investigation, vol. 29, S80-S93\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eEbbers S Grand theft app: Digital forensics of vehicle assistant apps. The 16th International Conference on Availability, Reliability and Security., Lee et al (2021) Junsu, Forensic Analysis of Apple CarPlay: A Case Study. International Symposium on Mobile Internet Security. Springer, Singapore, 2021\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eEdwards S (2019) and Heather Mahalik. They See Us Rollin, They Hatin-Forensics of iOS CarPlay and Android Auto. SANS DFIR\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLe-Khac, Nhien-An et al (2020) Smart vehicle forensics: Challenges and case study. Future Generation Comput Syst 109:500\u0026ndash;510\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eShin Y, Kim H, Kim S, Yoo D, Jo W, Shon T (2020) Certificate Injection-Based Encrypted Traffic Forensics in AI Speaker Ecosystem. Forensic Sci International: Digit Invest 33:301010\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eShin Y, Kim S, Jo W, Shon T (2022) Digital Forensic Case Studies for In-Vehicle Infotainment systems Using Android Auto and Apple CarPlay. Sensors, vol. 22, no. 19, p. 7196, Sep\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eAnajemba JH, Iwendi C, Razzak I, Ansere JA, Okpalaoguchi IM (2022) A Counter-Eavesdropping Technique for Optimized Privacy of Wireless Industrial IoT Communications, in IEEE Transactions on Industrial Informatics, vol. 18, no. 9, pp. 6445\u0026ndash;6454, Sept. \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003e10.1109/TII.2021.3140109\u003c/span\u003e\u003cspan address=\"10.1109/TII.2021.3140109\" targettype=\"DOI\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLiu G et al (2021) Softwarized IoT Network Immunity Against Eavesdropping With Programmable Data Planes, in IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6578\u0026ndash;6590, 15 April15, \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003e10.1109/JIOT.2020.3048842\u003c/span\u003e\u003cspan address=\"10.1109/JIOT.2020.3048842\" targettype=\"DOI\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eWoo S, Jo HJ, Dong Hoon, Lee (2014) A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Trans Intell Transp Syst 16(2):993\u0026ndash;1006\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eAntonioli D (2022) and Mathias Payer. On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats. 2022 IEEE Security and Privacy Workshops (SPW). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eSladović D et al (2019) Investigating modern cars. 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eGoogle (2023) January. Android Auto. Available online: \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ehttps://www.Android.com/auto/\u003c/span\u003e\u003cspan address=\"https://www.Android.com/auto/\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e (accessed on 1\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eApple (2023) January. Apple CarPlay. Available online: \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003ehttps://www.apple.com/ios/carplay/\u003c/span\u003e\u003cspan address=\"https://www.apple.com/ios/carplay/\" targettype=\"URL\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e (accessed on 1\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eKim H, Shin Y, Kim S, Jo W, Kim M, Shon T (May 2022) Digital Forensic Analysis to Improve User Privacy on Android. Sensors 22(11):3971\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eKim H, Kim S, Shin Y, Jo W, Lee S, Shon T (2021) Ext4 and XFS File System Forensic Framework Based on TSK, Electronics, vol. 10, no. 18, p. 2310, Sep\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLee J (2022) Forensic Analysis of IoT File Systems for Linux-Compatible Platforms. Electronics 11(19):3219\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLee S, Jo W, Eo S, Shon T (2020) ExtSFR: scalable file recovery framework based on an Ext file system. Multimedia Tools Appl 79(23):16093\u0026ndash;16111\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eStrandberg K, Nowdehi N, Olovsson T (2022) A systematic literature review on automotive digital forensics: Challenges, technical solutions and data collection. IEEE Trans Intell Veh 8(2):1350\u0026ndash;1367\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"}],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":true,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":false,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":false,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"the-journal-of-supercomputing","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"","sideBox":"Learn more about [The Journal of Supercomputing](https://www.springer.com/journal/11227)","snPcode":"11227","submissionUrl":"https://submission.nature.com/new-submission/11227/3","title":"The Journal of Supercomputing","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"Digital Forensics, File System, In-vehicle Network, Infotainment","lastPublishedDoi":"10.21203/rs.3.rs-4664910/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4664910/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eWith the increasing number of in-vehicle computing systems and rapid development of technologies, such as autonomous driving technology, various IoT technologies are being incorporated into vehicles. In these scenarios, a vehicle is typically connected to a smartphone or various sensors to exchange information based on wireless communication. While this is convenient for the driver, from a security standpoint, it means exposing the vehicle to a new cyberattack surface: wireless communication attacks. Therefore, active research on security inspection and improvement for wireless communication in vehicular environments is required. Some studies in this regard have raised security issues, but little digital forensic research has been conducted on the issues raised. Against this background, we conducted a case study based on packet fingerprinting to improve the level of security in wireless communication in a vehicular environment (i.e., in-vehicle wireless communications). Packet fingerprinting was applied to 11 in-vehicle infotainment systems. Consequently, devices and services in use were identified from wireless network packets. Images of internal storage data were acquired from three in-vehicle infotainment systems, and a file system-based analysis was performed on the images to derive digital forensic artifacts related to the packets stored in the vehicle systems. Further analysis was conducted by combining the derived artifacts with the packet fingerprinting results. Our findings indicate that the security level of wireless communication in various in-vehicle infotainment system environments can be evaluated and improved. Moreover, we provide various identification information and digital forensic artifacts derived from various in-vehicle infotainment systems.\u003c/p\u003e","manuscriptTitle":"Digital Forensic Analysis for Vehicle Infotainment Systems based on Packet Fingerprinting","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-07-29 18:27:44","doi":"10.21203/rs.3.rs-4664910/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2024-09-13T11:25:07+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-09-08T14:28:39+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-09-07T19:29:00+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-08-29T00:10:49+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-08-27T22:10:40+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"173061895998106455714307687612421615220","date":"2024-08-19T07:56:58+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"41190047851031088439159081445292089007","date":"2024-08-19T07:31:55+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"31934684114021237670691620948555060531","date":"2024-08-19T04:35:46+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"148941858729903251455768062786420323335","date":"2024-08-17T20:04:59+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"56803087261302419428020968352569663134","date":"2024-08-17T14:11:30+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"79199902902433300835747668456549688337","date":"2024-08-17T09:25:07+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2024-08-17T04:11:46+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2024-07-04T21:08:21+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2024-07-04T12:36:50+00:00","index":"","fulltext":""},{"type":"submitted","content":"The Journal of Supercomputing","date":"2024-07-01T02:56:52+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"the-journal-of-supercomputing","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"","sideBox":"Learn more about [The Journal of Supercomputing](https://www.springer.com/journal/11227)","snPcode":"11227","submissionUrl":"https://submission.nature.com/new-submission/11227/3","title":"The Journal of Supercomputing","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"22f20306-f20d-486c-bf68-9c590fe34ccc","owner":[],"postedDate":"July 29th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"under-review","subjectAreas":[],"tags":[],"updatedAt":"2025-06-02T17:53:20+00:00","versionOfRecord":[],"versionCreatedAt":"2024-07-29 18:27:44","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-4664910","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4664910","identity":"rs-4664910","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.